[Freeipa-users] Failed to start pki-tomcatd Service
Alexander Bokovoy
abokovoy at redhat.com
Mon Jul 20 14:38:41 UTC 2015
On Mon, 20 Jul 2015, Alexandre Ellert wrote:
>
>>
>> Is there anything related to the connection error in dirsrv logs?
>>
>> /var/log/dirsrv/slapd-EXAMPLE-COM/errors
>> /var/log/dirsrv/slapd-EXAMPLE-COM/access
>> --
>> Petr Vobornik
>
>Yes, there are errors in /var/log/dirsrv/slapd-EXAMPLE-COM/errors when I try to start with ipactl -f start:
>
>==> errors <==
>[20/Jul/2015:16:28:05 +0200] attr_syntax_create - Error: the EQUALITY matching rule [caseIgnoreIA5Match] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
>[20/Jul/2015:16:28:05 +0200] attr_syntax_create - Error: the SUBSTR matching rule [caseIgnoreIA5SubstringsMatch] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
Can you please show output from
fgrep -r 'dc' /etc/dirsrv/slapd-INSTANCE/schema
and definitions of 'dc' attribute from there.
'dc' attribute is defined in 00core.ldif as
attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
X-ORIGIN 'RFC 4519'
X-DEPRECATED 'domaincomponent' )
Note that syntax is 1.3.6.1.4.1.1466.115.121.1.26 (IA5String) while yours is
1.3.6.1.4.1.1466.115.121.1.15 (DirectoryString), they are not the same.
What modifications did you do to the schema?
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list