[Freeipa-users] Failed to start pki-tomcatd Service

Alexander Bokovoy abokovoy at redhat.com
Tue Jul 28 03:59:37 UTC 2015


On Sun, 26 Jul 2015, Alexandre Ellert wrote:
>2015-07-23 8:41 GMT+02:00 Alexander Bokovoy <abokovoy at redhat.com>:
>
>> On Thu, 23 Jul 2015, Ludwig Krispenz wrote:
>>
>>> - Directory server starts just fine but serves only port 389
>>>> - krb5kdc starts just fine and works fine with LDAP server
>>>> - Dogtag tries to use LDAP server via port 636 and fails
>>>>
>>>> We need to see why port 636 is disabled.
>>>>
>>> Why do you think so? There is:
>>>
>>> [22/Jul/2015:18:14:54 +0200] - slapd started.  Listening on All
>>> Interfaces port 389 for LDAP requests
>>> [22/Jul/2015:18:14:54 +0200] - Listening on All Interfaces port 636 for
>>> LDAPS requests
>>> [22/Jul/2015:18:14:54 +0200] - Listening on
>>> /var/run/slapd-NUMEEZY-FR.socket for LDAPI requests
>>>
>> Missed that part. However, dogtag was failing in accessing LDAP over
>> port 636.
>>
>>  but what is failing is:
>>> agmt="cn=cloneAgreement1-inf-ipa-2.numeezy.fr-pki-tomcat" (inf-ipa:7389):
>>> Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP
>>> server) ()
>>>
>>> Is dogtag on a different instance? Why do we use port 7389?
>>>
>> Because it was a migration from RHEL6 to RHEL7. In RHEL6 dogtag was living
>> in a separate instance.
>>
>If the problem is too hard to solve, maybe I should try to deploy another
>replica?
You may try that. Sorry for not responding, I have some other tasks that
occupy my time right now.

If you have a Red Hat subscription, it would be good to open a support
case and put the details of the migration and logs there.
-- 
/ Alexander Bokovoy



