[Freeipa-users] Failed to start pki-tomcatd Service

Alexander Bokovoy abokovoy at redhat.com
Thu Jul 23 06:41:33 UTC 2015


On Thu, 23 Jul 2015, Ludwig Krispenz wrote:
>>- Directory server starts just fine but serves only port 389
>>- krb5kdc starts just fine and works fine with LDAP server
>>- Dogtag tries to use LDAP server via port 636 and fails
>>
>>We need to see why port 636 is disabled.
>Why do you think so? There is:
>
>[22/Jul/2015:18:14:54 +0200] - slapd started.  Listening on All Interfaces port 389 for LDAP requests
>[22/Jul/2015:18:14:54 +0200] - Listening on All Interfaces port 636 for LDAPS requests
>[22/Jul/2015:18:14:54 +0200] - Listening on /var/run/slapd-NUMEEZY-FR.socket for LDAPI requests
Missed that part. However, dogtag was failing in accessing LDAP over
port 636.

>but what is failing is:
>agmt="cn=cloneAgreement1-inf-ipa-2.numeezy.fr-pki-tomcat" (inf-ipa:7389): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) ()
>
>Is dogtag on a different instance? Why do we use port 7389?
Because it was a migration from RHEL6 to RHEL7. In RHEL6 dogtag was living
in a separate instance.

-- 
/ Alexander Bokovoy



