[Freeipa-users] Failed to start pki-tomcatd Service

Alexandre Ellert ellertalexandre at gmail.com
Wed Jul 22 16:49:00 UTC 2015


> On 22 Jul 2015, at 18:40, Alexander Bokovoy <abokovoy at redhat.com> wrote:
> 
> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>> 
>>> On 22 Jul 2015, at 18:08, Alexander Bokovoy <abokovoy at redhat.com> wrote:
>>> 
>>> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>>>> from both servers?
>>>> 
>>>> Server 1:
>>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>> 
>>>> Server 2:
>>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>> 
>>>>> 
>>>>> With correct setup IPA 4.x should show:
>>>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>> /etc/dirsrv/slapd-EXAMPLE-COM/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>> 
>>>>> I.e. there are two lines -- in the default schema and in the IPA
>>>>> instance schema.
>>>> 
>>>> Seems to be good?
>>> Yes. Can you get a new set of logs on 'ipactl start'?
>>> 
>>> --
>>> / Alexander Bokovoy
>> 
>> Sorry, the log is very long… I can format differently if you need.
> Thanks, no need for more logs right now.
> 
> What I see from these logs:
> - Directory server starts just fine but serves only port 389
> - krb5kdc starts just fine and works fine with LDAP server
> - Dogtag tries to use LDAP server via port 636 and fails
> 
> We need to see why port 636 is disabled.
> 
> Can you grep /etc/dirsrv/slapd-NUMEEZY-FR/dse.ldif for the following
> attributes:
> nsslapd-security
> nsslapd-port
> 
> They should be 'on' and '389' correspondingly.
> 
> -- 
> / Alexander Bokovoy

Here is the result (on both servers):
# grep nsslapd-security /etc/dirsrv/slapd-NUMEEZY-FR/dse.ldif 
nsslapd-security: on
# grep nsslapd-port /etc/dirsrv/slapd-NUMEEZY-FR/dse.ldif 
nsslapd-port: 389

Notice that ns-slapd is listening on port 636:
# netstat -antp|grep '636\|389'|grep LISTEN
tcp6       0      0 :::389                  :::*                    LISTEN      12271/ns-slapd      
tcp6       0      0 :::636                  :::*                    LISTEN      12271/ns-slapd
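
The dse.ldif check requested above, as an added example that is not part of the original thread: it reads nsslapd-security and nsslapd-port from the cn=config entry only and joins folded LDIF lines first. The function names are hypothetical, the extra look at nsslapd-securePort is an assumption of this example, and the sample file is constructed.

```shell
# Added example (not from the thread): read the listener settings from the
# cn=config entry of a 389-ds dse.ldif instead of grepping the whole file.
# ldif_config_attr FILE ATTR: print ATTR's value(s) from the "dn: cn=config" entry.
ldif_config_attr() {
    awk -v want="$2" '
        function flush(   i, name, val) {
            if (buf == "") { in_cfg = 0; return }      # blank line closes the entry
            i = index(buf, ":")
            if (i == 0) return
            name = tolower(substr(buf, 1, i - 1))
            val = substr(buf, i + 1); sub(/^ +/, "", val)
            if (name == "dn") { in_cfg = (tolower(val) == "cn=config"); return }
            if (in_cfg && name == tolower(want)) print val
        }
        /^ / { buf = buf substr($0, 2); next }         # LDIF folded line: join it
        { flush(); buf = $0 }
        END { flush() }
    ' "$1"
}

# check_dirsrv_listeners FILE: print the three settings; succeed only when
# nsslapd-security is on, nsslapd-port is 389 and a secure port is configured.
check_dirsrv_listeners() {
    sec=$(ldif_config_attr "$1" nsslapd-security)
    port=$(ldif_config_attr "$1" nsslapd-port)
    sport=$(ldif_config_attr "$1" nsslapd-securePort)   # assumption: also checked here
    echo "security=${sec:-unset} port=${port:-unset} securePort=${sport:-unset}"
    [ "$sec" = "on" ] && [ "$port" = "389" ] && [ -n "$sport" ]
}

# write_sample_dse FILE: constructed sample, not taken from either server.
write_sample_dse() {
    cat > "$1" <<'EOF'
dn: cn=config
cn: config
nsslapd-port: 389
nsslapd-secur
 ity: on
nsslapd-securePort: 636

dn: cn=other,cn=config
nsslapd-port: 1389
EOF
}

sample=$(mktemp) && write_sample_dse "$sample"
check_dirsrv_listeners "$sample" && echo "cn=config enables both listeners"
rm -f "$sample"
```

A passing result only shows what the instance is configured to do; whether ns-slapd actually listens is what the netstat output above answers.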

