[Freeipa-users] Failed to start pki-tomcatd Service
Alexandre Ellert
ellertalexandre at gmail.com
Mon Jul 20 15:11:44 UTC 2015
> Can you please show output from
> fgrep -r 'dc' /etc/dirsrv/slapd-INSTANCE/schema
# fgrep -r 'dc' /etc/dirsrv/slapd-NUMEEZY-FR/schema
/etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:objectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
/etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif: MUST dc
/etc/dirsrv/slapd-NUMEEZY-FR/schema/05rfc4524.ldif: MUST dc
/etc/dirsrv/slapd-NUMEEZY-FR/schema/50ns-mail.ldif:attributeTypes: ( 2.16.840.1.113730.3.1.22 NAME ( 'mgrpAllowedBroadcaster' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/50ns-mail.ldif:attributeTypes: ( 2.16.840.1.113730.3.1.788 NAME ( 'mgrpBroadcasterPolicy' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/50ns-mail.ldif:objectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mgrpAddHeader $ mgrpAllowedBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolicy $ mgrpDeliverTo $ mgrpErrorsTo $ mgrpModerator $ mgrpMsgMaxSize $ mgrpMsgRejectAction $ mgrpMsgRejectText $ mgrpNoDuplicateChecks $ mgrpRemoveHeader $ mgrpRFC822MailMember $ owner ) X-ORIGIN 'Netscape Messaging Server 4.x' )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60trust.ldif:# dc=com?sub?objectclass=posixAccount)(|(trustmodel=fullaccess)(accessto=server)
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:objectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' SUP top AUXILIARY MUST d
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif: UST dc MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Ad
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif: dBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolic
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif: bTicketPolicyReference $ krbKdcServers $ krbPwdServers $ krbAdmServers $ krbP
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:objectClasses: ( 2.16.840.1.113719.1.301.6.4.1 NAME 'krbKdcService' SUP krbSer
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: ( 2.16.840.1.113719.1.301.4.17.1 NAME 'krbKdcServers' EQUALIT
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: ( 2.16.840.1.113730.3.1.788 NAME 'mgrpBroadcasterPolicy' DESC
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) D
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: ( 2.16.840.1.113730.3.1.22 NAME 'mgrpAllowedBroadcaster' DESC
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:##### (FDNs of the krbKdcService objects).
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:##### Example: cn=kdc - server 1, ou=uvw, o=xyz
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:attributetypes: ( 2.16.840.1.113719.1.301.4.17.1 NAME 'krbKdcServers' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:objectClasses: ( 2.16.840.1.113719.1.301.6.2.1 NAME 'krbRealmContainer' SUP top MUST ( cn ) MAY ( krbMKey $ krbUPEnabled $ krbSubTrees $ krbSearchScope $ krbLdapServers $ krbSupportedEncSaltTypes $ krbDefaultEncSaltTypes $ krbTicketPolicyReference $ krbKdcServers $ krbPwdServers $ krbAdmServers $ krbPrincNamingAttr $krbPwdPolicyReference $ krbPrincContainerRef ) )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:##### krbKdcService, krbAdmService and krbPwdService derive from this class.
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:objectClasses: ( 2.16.840.1.113719.1.301.6.4.1 NAME 'krbKdcService' SUP ( krbService ) )
>
> and definitions of 'dc' attribute from there.
>
> 'dc' attribute is defined in 00core.ldif as
> attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
> EQUALITY caseIgnoreIA5Match
> SUBSTR caseIgnoreIA5SubstringsMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
> SINGLE-VALUE
> X-ORIGIN 'RFC 4519'
> X-DEPRECATED 'domaincomponent’ )
In 00core.ldif, I have :
attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
X-ORIGIN 'RFC 4519'
X-DEPRECATED 'domaincomponent' )
>
> Note that syntax is 1.3.6.1.4.1.1466.115.121.1.26 (IA5String) while yours is
> 1.3.6.1.4.1.1466.115.121.1.15 (DirectoryString), they are not the same.
>
> What modifications did you do to the schema?
As far as I remember, the only modification I made was to disable read-only access without authentication.
I don’t need any other special customization.
>
> --
> / Alexander Bokovoy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150720/9bea6b1e/attachment.htm>
More information about the Freeipa-users
mailing list