[Freeipa-users] Failed to start pki-tomcatd Service
Alexandre Ellert
ellertalexandre at gmail.com
Wed Jul 22 16:49:00 UTC 2015
> Le 22 juil. 2015 à 18:40, Alexander Bokovoy <abokovoy at redhat.com> a écrit :
>
> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>
>>> Le 22 juil. 2015 à 18:08, Alexander Bokovoy <abokovoy at redhat.com> a écrit :
>>>
>>> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>>>> from both servers?
>>>>
>>>> Server 1:
>>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>
>>>> Server 2 :
>>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>
>>>>>
>>>>> With correct setup IPA 4.x should show:
>>>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>> /etc/dirsrv/slapd-EXAMPLE-COM/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>>
>>>>> I.e. there are two lines -- in the default schema and in the IPA
>>>>> instance schema. —
>>>>
>>>> Seems to be good ?
>>> Yes. Can you get a new set of logs on 'ipactl start'?
>>>
>>> --
>>> / Alexander Bokovoy
>>
>> Sorry, the log is very long…I can format differently if you need.
> Thanks, no need for more logs right now.
>
> What I see from these logs:
> - Directory server starts just fine but serves only port 389
> - krb5kdc starts just fine and works fine with LDAP server
> - Dogtag tries to use LDAP server via port 636 and fails
>
> We need to see why port 636 is disabled.
>
> Can you grep /etc/dirsrv/slapd-NUMEEZY-FR/dse.ldif for following
> attributes:
> nsslapd-security
> nsslapd-port
>
> They should be 'on' and '389' correspondingly.
>
> --
> / Alexander Bokovoy
Here is the result (on both servers)
# grep nsslapd-security /etc/dirsrv/slapd-NUMEEZY-FR/dse.ldif
nsslapd-security: on
# grep nsslapd-port /etc/dirsrv/slapd-NUMEEZY-FR/dse.ldif
nsslapd-port: 389
Notice that ns-slapd is listening on port 636 :
# netstat -antp|grep '636\|389'|grep LISTEN
tcp6 0 0 :::389 :::* LISTEN 12271/ns-slapd
tcp6 0 0 :::636 :::* LISTEN 12271/ns-slapd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150722/d114dd7e/attachment.htm>
More information about the Freeipa-users
mailing list