[Freeipa-users] Failed to start pki-tomcatd Service

[Alexander Bokovoy]

On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>
>> Le 22 juil. 2015 à 18:08, Alexander Bokovoy <abokovoy at redhat.com> a écrit :
>>
>> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>>> from both servers?
>>>
>>> Server 1:
>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>
>>> Server 2 :
>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>
>>>>
>>>> With correct setup IPA 4.x should show:
>>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>> /etc/dirsrv/slapd-EXAMPLE-COM/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>
>>>> I.e. there are two lines -- in the default schema and in the IPA
>>>> instance schema. —
>>>
>>> Seems to be good ?
>> Yes. Can you get a new set of logs on 'ipactl start'?
>>
>> --
>> / Alexander Bokovoy
>
>Sorry, the log is very long…I can format differently if you need.
Thanks, no need for more logs right now.

What I see from these logs:
 - Directory server starts just fine but serves only port 389
 - krb5kdc starts just fine and works fine with LDAP server
 - Dogtag tries to use LDAP server via port 636 and fails

We need to see why port 636 is disabled.

Can you grep /etc/dirsrv/slapd-NUMEEZY-FR/dse.ldif for following
attributes:
 nsslapd-security
 nsslapd-port

They should be 'on' and '389' correspondingly.

-- 
/ Alexander Bokovoy