[Freeipa-users] Failed to start pki-tomcatd Service

Ludwig Krispenz lkrispen at redhat.com
Thu Jul 23 06:20:57 UTC 2015


On 07/22/2015 06:40 PM, Alexander Bokovoy wrote:
> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>
>>> On 22 Jul 2015 at 18:08, Alexander Bokovoy <abokovoy at redhat.com> 
>>> wrote:
>>>
>>> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>>>> from both servers?
>>>>
>>>> Server 1:
>>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 
>>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( 
>>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>
>>>> Server 2:
>>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 
>>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( 
>>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>
>>>>>
>>>>> With correct setup IPA 4.x should show:
>>>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 
>>>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>> /etc/dirsrv/slapd-EXAMPLE-COM/schema/00core.ldif:attributeTypes: ( 
>>>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>>
>>>>> I.e. there are two lines -- in the default schema and in the IPA
>>>>> instance schema.
>>>>
>>>> Seems to be good?
>>> Yes. Can you get a new set of logs on 'ipactl start'?
>>>
>>> -- 
>>> / Alexander Bokovoy
>>
>> Sorry, the log is very long… I can format differently if you need.
> Thanks, no need for more logs right now.
>
> What I see from these logs:
> - Directory server starts just fine but serves only port 389
> - krb5kdc starts just fine and works fine with LDAP server
> - Dogtag tries to use LDAP server via port 636 and fails
>
> We need to see why port 636 is disabled.
Why do you think so? There is:

[22/Jul/2015:18:14:54 +0200] - slapd started.  Listening on All Interfaces port 389 for LDAP requests
[22/Jul/2015:18:14:54 +0200] - Listening on All Interfaces port 636 for LDAPS requests
[22/Jul/2015:18:14:54 +0200] - Listening on /var/run/slapd-NUMEEZY-FR.socket for LDAPI requests

but what is failing is:
agmt="cn=cloneAgreement1-inf-ipa-2.numeezy.fr-pki-tomcat" (inf-ipa:7389): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) ()

Is Dogtag on a different instance? Why do we use port 7389?

>
> Can you grep /etc/dirsrv/slapd-NUMEEZY-FR/dse.ldif for following
> attributes:
> nsslapd-security
> nsslapd-port
>
> They should be 'on' and '389' correspondingly.
>
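A small checker that applies the reasoning from this exchange to a 389-ds errors log and dse.ldif, as an added example (not code from the thread or from the FreeIPA project): it lists the ports slapd reports listening on, pulls the failing replication agreement's target host and port out of the `agmt=` line, and reports whether that target is something this instance serves at all, alongside the `nsslapd-security`/`nsslapd-port` check Alexander asked for. The log and LDIF samples are constructed, modelled on the lines quoted above; the line formats are assumed to match what 389-ds writes.

```python
import re

# Constructed sample of 389-ds errors-log lines, modelled on those quoted in the thread.
SAMPLE_ERRORS_LOG = """\
[22/Jul/2015:18:14:54 +0200] - slapd started.  Listening on All Interfaces port 389 for LDAP requests
[22/Jul/2015:18:14:54 +0200] - Listening on All Interfaces port 636 for LDAPS requests
[22/Jul/2015:18:14:54 +0200] - Listening on /var/run/slapd-NUMEEZY-FR.socket for LDAPI requests
[22/Jul/2015:18:14:55 +0200] agmt="cn=cloneAgreement1-inf-ipa-2.numeezy.fr-pki-tomcat" (inf-ipa:7389): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) ()
"""

# Constructed dse.ldif fragment carrying the two attributes asked about in the thread.
SAMPLE_DSE_LDIF = """\
dn: cn=config
nsslapd-port: 389
nsslapd-security: on
"""

LISTEN_RE = re.compile(r"Listening on .* port (\d+) for (LDAPS?) requests")
AGMT_RE = re.compile(r'agmt="([^"]+)" \(([^:)]+):(\d+)\): (.*)$')


def listening_ports(log_text):
    """Map each TCP port the log says slapd listens on to its protocol (LDAP/LDAPS)."""
    return {int(m.group(1)): m.group(2)
            for m in map(LISTEN_RE.search, log_text.splitlines()) if m}


def failed_agreements(log_text):
    """Return (agreement, host, port, message) for every failed replication bind."""
    return [(m.group(1), m.group(2), int(m.group(3)), m.group(4)) for line in
            log_text.splitlines() if (m := AGMT_RE.search(line)) and "failed" in m.group(4)]


def dse_attrs(ldif_text, wanted=("nsslapd-port", "nsslapd-security")):
    """Pick the requested attributes out of a dse.ldif text (values stripped)."""
    attrs = {}
    for line in ldif_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key in wanted:
            attrs[key] = value.strip()
    return attrs


def diagnose(log_text, ldif_text):
    """Explain each failure in terms of what this instance actually serves."""
    ports, attrs, findings = listening_ports(log_text), dse_attrs(ldif_text), []
    if attrs.get("nsslapd-security") != "on":
        findings.append("nsslapd-security is not 'on': LDAPS will not be offered")
    for name, host, port, _ in failed_agreements(log_text):
        where = (f"served locally as {ports[port]}" if port in ports
                 else f"not a local listener {sorted(ports)}; target is another instance")
        findings.append(f"{name}: {host}:{port} is {where}")
    return findings
```

Run against the sample, it reports that 636 is up and that the failing agreement points at 7389, a port this instance does not serve, which is exactly the distinction drawn in the reply above.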