[Freeipa-users] Failed to start pki-tomcatd Service

Alexander Bokovoy abokovoy at redhat.com
Wed Jul 22 15:09:33 UTC 2015 

On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>
>> Le 20 juil. 2015 à 17:17, Alexander Bokovoy <abokovoy at redhat.com> a écrit :
>>
>> On Mon, 20 Jul 2015, Alexandre Ellert wrote:
>>>
>>>> Can you please show output from
>>>> fgrep -r 'dc' /etc/dirsrv/slapd-INSTANCE/schema
>>>
>>> # fgrep -r 'dc' /etc/dirsrv/slapd-NUMEEZY-FR/schema
>>
>> This is original 'dc' definition:
>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: (
>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>
>> This is the offending one:
>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: (
>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) D
>>
>>> In 00core.ldif, I have :
>>> attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>> EQUALITY caseIgnoreIA5Match
>>> SUBSTR caseIgnoreIA5SubstringsMatch
>>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>>> SINGLE-VALUE
>>> X-ORIGIN 'RFC 4519'
>>> X-DEPRECATED 'domaincomponent' )
>> If you look into 99user.ldif, you'll see the wrong definition there.
>>
>> 99user.ldif accumulates definitions coming from replication or updates.
>> You can check other IPA masters, do they have 'dc' attribute defined in
>> a wrong way?
>
>I have a second IPA master and here is the occurence of ‘ domaincomponent' in /etc/dirsrv/slapd-NUMEEZY-FR/schema :
>In 00core.ldif :
>attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>  EQUALITY caseIgnoreIA5Match
>  SUBSTR caseIgnoreIA5SubstringsMatch
>  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>  SINGLE-VALUE
>  X-ORIGIN 'RFC 4519'
>  X-DEPRECATED 'domaincomponent’ )
>In 99user.ldif :
>attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) D
> ESC 'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgn
> oreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORI
> GIN ( 'RFC 2247' 'user defined' ) )
>
>This two definition are exactly the same on both IPA masters.
>
>I don’t understand what is wrong in 99user.ldif ? How can I correct with the good definition ?
The correct definition is in the 00core.ldif. The one in 99user.ldif is
wrong.

I think you can remove it from 99user.ldif on both servers but you need
to shut down dirsrv instances on both to do that.
-- 
/ Alexander Bokovoy

More information about the Freeipa-users mailing list