[Freeipa-users] Failed to start pki-tomcatd Service

Alexandre Ellert ellertalexandre at gmail.com
Mon Jul 20 15:11:44 UTC 2015


> Can you please show output from
> fgrep -r 'dc' /etc/dirsrv/slapd-INSTANCE/schema

# fgrep -r 'dc' /etc/dirsrv/slapd-NUMEEZY-FR/schema
/etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:objectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
/etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:  MUST dc
/etc/dirsrv/slapd-NUMEEZY-FR/schema/05rfc4524.ldif:  MUST dc
/etc/dirsrv/slapd-NUMEEZY-FR/schema/50ns-mail.ldif:attributeTypes: ( 2.16.840.1.113730.3.1.22 NAME ( 'mgrpAllowedBroadcaster' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26  X-ORIGIN 'Netscape Messaging Server 4.x' )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/50ns-mail.ldif:attributeTypes: ( 2.16.840.1.113730.3.1.788 NAME ( 'mgrpBroadcasterPolicy' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'Netscape Messaging Server 4.x' )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/50ns-mail.ldif:objectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mgrpAddHeader $ mgrpAllowedBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolicy $ mgrpDeliverTo $ mgrpErrorsTo $ mgrpModerator $ mgrpMsgMaxSize $ mgrpMsgRejectAction $ mgrpMsgRejectText $ mgrpNoDuplicateChecks $ mgrpRemoveHeader $ mgrpRFC822MailMember $ owner ) X-ORIGIN 'Netscape Messaging Server 4.x' )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60trust.ldif:# dc=com?sub?objectclass=posixAccount)(|(trustmodel=fullaccess)(accessto=server)
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:objectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' SUP top AUXILIARY MUST d
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif: UST dc MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Ad
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif: dBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolic
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif: bTicketPolicyReference $ krbKdcServers $ krbPwdServers $ krbAdmServers $ krbP
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:objectClasses: ( 2.16.840.1.113719.1.301.6.4.1 NAME 'krbKdcService' SUP krbSer
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: ( 2.16.840.1.113719.1.301.4.17.1 NAME 'krbKdcServers'  EQUALIT
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: ( 2.16.840.1.113730.3.1.788 NAME 'mgrpBroadcasterPolicy' DESC 
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) D
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: ( 2.16.840.1.113730.3.1.22 NAME 'mgrpAllowedBroadcaster' DESC 
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:##### (FDNs of the krbKdcService objects).
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:##### Example:   cn=kdc - server 1, ou=uvw, o=xyz
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:attributetypes: ( 2.16.840.1.113719.1.301.4.17.1 NAME 'krbKdcServers' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:objectClasses: ( 2.16.840.1.113719.1.301.6.2.1 NAME 'krbRealmContainer' SUP top MUST ( cn ) MAY ( krbMKey $ krbUPEnabled $ krbSubTrees $ krbSearchScope $ krbLdapServers $ krbSupportedEncSaltTypes $ krbDefaultEncSaltTypes $ krbTicketPolicyReference $ krbKdcServers $ krbPwdServers $ krbAdmServers $ krbPrincNamingAttr $krbPwdPolicyReference $ krbPrincContainerRef ) )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:##### krbKdcService, krbAdmService and krbPwdService derive from this class.
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:objectClasses: ( 2.16.840.1.113719.1.301.6.4.1 NAME 'krbKdcService' SUP ( krbService ) )

> 
> and definitions of 'dc' attribute from there.
> 
> 'dc' attribute is defined in 00core.ldif as
> attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
> EQUALITY caseIgnoreIA5Match
> SUBSTR caseIgnoreIA5SubstringsMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
> SINGLE-VALUE
> X-ORIGIN 'RFC 4519'
> X-DEPRECATED 'domaincomponent' )

In 00core.ldif, I have:
attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE
  X-ORIGIN 'RFC 4519'
  X-DEPRECATED 'domaincomponent' )

> 
> Note that syntax is 1.3.6.1.4.1.1466.115.121.1.26 (IA5String) while yours is
> 1.3.6.1.4.1.1466.115.121.1.15 (DirectoryString), they are not the same.
> 
> What modifications did you do to the schema?

As far as I remember, the only modification I made was to disable read-only access without authentication.
I don’t need any other special customization.

> 
> -- 
> / Alexander Bokovoy
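
Added example, not part of the original message or of FreeIPA: a Python check that unfolds LDIF continuation lines (the reason the 99user.ldif grep hits above are cut off mid-definition) and reports attribute OIDs whose SYNTAX in an override file differs from the stock definition. The sample 99user.ldif text and all function names are constructed for illustration.

```python
import re

# Constructed samples: the stock 'dc' definition as quoted in the thread, and a
# folded 99user.ldif-style override. DESC and X-ORIGIN text are made up; the
# override SYNTAX (...1.15) is the value named in the quoted reply.
CORE = """dn: cn=schema
attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE
  X-ORIGIN 'RFC 4519'
  X-DEPRECATED 'domaincomponent' )
"""
USER = """dn: cn=schema
attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) D
 ESC 'constructed example' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user
  defined' )
"""

ATTR = re.compile(r"^attributetypes:\s*\(\s*(\S+)\s+NAME\s+(\(.*?\)|'[^']+')", re.I)
SYNTAX = re.compile(r"\bSYNTAX\s+([0-9.]+)")

def unfold(text):
    """Join LDIF continuation lines: a line starting with one space extends the previous one."""
    out = []
    for line in text.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def attribute_syntaxes(text):
    """Map attribute OID -> (first NAME, SYNTAX OID or None) for every attributeTypes value."""
    defs = {}
    for line in unfold(text):
        m = ATTR.match(line)
        if m:
            s = SYNTAX.search(line)
            defs[m.group(1)] = (re.findall(r"'([^']+)'", m.group(2))[0], s.group(1) if s else None)
    return defs

def syntax_conflicts(standard, override):
    """Return (oid, name, standard_syntax, override_syntax) where the two files disagree."""
    std, usr = attribute_syntaxes(standard), attribute_syntaxes(override)
    return [(oid, usr[oid][0], std[oid][1], usr[oid][1])
            for oid in sorted(std.keys() & usr.keys()) if std[oid][1] != usr[oid][1]]

if __name__ == "__main__":
    for oid, name, std, usr in syntax_conflicts(CORE, USER):
        print(f"{name} ({oid}): stock SYNTAX {std}, override SYNTAX {usr}")
```

On a real server the two inputs would be the contents of 00core.ldif and 99user.ldif from the instance's schema directory.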
