[Freeipa-users] Failed to start pki-tomcatd Service
Alexander Bokovoy
abokovoy at redhat.com
Wed Jul 22 16:40:42 UTC 2015
On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>
>> Le 22 juil. 2015 à 18:08, Alexander Bokovoy <abokovoy at redhat.com> a écrit :
>>
>> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>>> from both servers?
>>>
>>> Server 1:
>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>
>>> Server 2 :
>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>
>>>>
>>>> With correct setup IPA 4.x should show:
>>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>> /etc/dirsrv/slapd-EXAMPLE-COM/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>
>>>> I.e. there are two lines -- in the default schema and in the IPA
>>>> instance schema. —
>>>
>>> Seems to be good ?
>> Yes. Can you get a new set of logs on 'ipactl start'?
>>
>> --
>> / Alexander Bokovoy
>
>Sorry, the log is very long…I can format differently if you need.
Thanks, no need for more logs right now.
What I see from these logs:
- Directory server starts just fine but serves only port 389
- krb5kdc starts just fine and works fine with LDAP server
- Dogtag tries to use LDAP server via port 636 and fails
We need to see why port 636 is disabled.
Can you grep /etc/dirsrv/slapd-NUMEEZY-FR/dse.ldif for following
attributes:
nsslapd-security
nsslapd-port
They should be 'on' and '389' correspondingly.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list