[Freeipa-users] Failed to start pki-tomcatd Service
Alexander Bokovoy
abokovoy at redhat.com
Mon Jul 20 15:17:50 UTC 2015
On Mon, 20 Jul 2015, Alexandre Ellert wrote:
>
>> Can you please show output from
>> fgrep -r 'dc' /etc/dirsrv/slapd-INSTANCE/schema
>
># fgrep -r 'dc' /etc/dirsrv/slapd-NUMEEZY-FR/schema
This is original 'dc' definition:
>/etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: (
>0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
This is the offending one:
>/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: (
>0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) D
>In 00core.ldif, I have :
>attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
> EQUALITY caseIgnoreIA5Match
> SUBSTR caseIgnoreIA5SubstringsMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
> SINGLE-VALUE
> X-ORIGIN 'RFC 4519'
> X-DEPRECATED 'domaincomponent' )
If you look into 99user.ldif, you'll see the wrong definition there.
99user.ldif accumulates definitions coming from replication or updates.
You can check other IPA masters, do they have 'dc' attribute defined in
a wrong way?
>As far as I remember, the only modification I made was to disable
>read-only access without authentication. I don’t need any other
>special customization.
Something brought the wrong definition into your IPA masters.
May be someone tried to add support for some old application?
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list