[Freeipa-users] IPA Servers out of sync - DNS records
Martin Basti
mbasti at redhat.com
Tue Dec 27 12:04:11 UTC 2016
On 27.12.2016 12:55, Outback Dingo wrote:
> On Tue, Dec 27, 2016 at 6:47 AM, Martin Basti <mbasti at redhat.com> wrote:
>>
>> On 27.12.2016 12:40, Outback Dingo wrote:
>>> On Tue, Dec 27, 2016 at 5:59 AM, Martin Basti <mbasti at redhat.com> wrote:
>>>>
>>>> On 27.12.2016 00:25, Outback Dingo wrote:
>>>>> Seems my secondary ipa server is somehow out of sync with the master,
>>>>> is there any way to force a sync update ?
>>>>>
>>>> Can you elaborate more?
>>>>
>>>> What exactly from DNS records is out of sync?
>>>>
>>>> Martin
>>>
>>> it appears as though at least one A record is missing there might be
>>> more but thats the first i noticed
>>
>>
>> Can you please search for replication conflicts
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>>
>> and do you have any replication errors in /var/log/dirsrv/slapd-*/errors
>> log on servers?
>>
>> Martin
> from the master ipa
>
> [root at ipa dingo]# cat /var/log/dirsrv/slapd-*/errors
> 389-Directory/1.3.4.0 B2016.215.1556
> ipa.optimcloud.com:636 (/etc/dirsrv/slapd-OPTIMCLOUD-COM)
>
> [20/Dec/2016:22:38:51 -0500] - SSL alert: Configured NSS Ciphers
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] - SSL alert:
> TLS_RSA_WITH_SEED_CBC_SHA: enabled
> [20/Dec/2016:22:38:51 -0500] SSL Initialization - Configured SSL
> version range: min: TLS1.0, max: TLS1.2
> [20/Dec/2016:22:38:51 -0500] - 389-Directory/1.3.4.0 B2016.215.1556 starting up
> [20/Dec/2016:22:38:51 -0500] - WARNING: changelog: entry cache size
> 2097152B is less than db size 4169728B; We recommend to increase the
> entry cache size nsslapd-cachememsize.
> [20/Dec/2016:22:38:51 -0500] - Detected Disorderly Shutdown last time
> Directory Server was running, recovering database.
> [20/Dec/2016:22:38:52 -0500] schema-compat-plugin - scheduled
> schema-compat-plugin tree scan in about 5 seconds after the server
> startup!
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> ou=sudoers,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
> exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
> exist
> [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
> cn=automember rebuild membership,cn=tasks,cn=config does not exist
> [20/Dec/2016:22:38:52 -0500] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates found, which
> should be added before the CoS Definition.
> [20/Dec/2016:22:38:53 -0500] NSMMReplicationPlugin -
> replica_check_for_data_reload: Warning: disordely shutdown for replica
> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
> [20/Dec/2016:22:38:53 -0500] NSMMReplicationPlugin -
> replica_check_for_data_reload: Warning: disordely shutdown for replica
> o=ipaca. Check if DB RUV needs to be updated
> [20/Dec/2016:22:38:53 -0500] set_krb5_creds - Could not get initial
> credentials for principal [ldap/ipa.optimcloud.com at OPTIMCLOUD.COM] in
> keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any
> KDC for requested realm)
> [20/Dec/2016:22:38:53 -0500] slapi_ldap_bind - Error: could not send
> startTLS request: error -1 (Can't contact LDAP server) errno 111
> (Connection refused)
> [20/Dec/2016:22:38:53 -0500] NSMMReplicationPlugin -
> agmt="cn=masterAgreement1-ipa2.optimcloud.com-pki-tomcat" (ipa2:389):
> Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact
> LDAP server) ()
> [20/Dec/2016:22:38:53 -0500] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -1 (Can't contact LDAP server) ((null)) errno 111 (Connection refused)
> [20/Dec/2016:22:38:53 -0500] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] authentication mechanism [GSSAPI]:
> error -1 (Can't contact LDAP server)
> [20/Dec/2016:22:38:53 -0500] NSMMReplicationPlugin -
> agmt="cn=meToipa2.optimcloud.com" (ipa2:389): Replication bind with
> GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) ()
> [20/Dec/2016:22:38:53 -0500] schema-compat-plugin -
> schema-compat-plugin tree scan will start in about 5 seconds!
> [20/Dec/2016:22:38:53 -0500] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [20/Dec/2016:22:38:53 -0500] - Listening on All Interfaces port 636
> for LDAPS requests
> [20/Dec/2016:22:38:53 -0500] - Listening on
> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
> [20/Dec/2016:22:38:57 -0500] schema-compat-plugin - warning: no
> entries set up under ou=sudoers,dc=optimcloud,dc=com
> [20/Dec/2016:22:38:58 -0500] schema-compat-plugin - warning: no
> entries set up under cn=ng, cn=compat,dc=optimcloud,dc=com
> [20/Dec/2016:22:38:58 -0500] schema-compat-plugin - warning: no
> entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com
> [20/Dec/2016:22:38:58 -0500] schema-compat-plugin - Finished plugin
> initialization.
> [20/Dec/2016:22:38:58 -0500] slapi_ldap_bind - Error: could not send
> startTLS request: error -1 (Can't contact LDAP server) errno 107
> (Transport endpoint is not connected)
> [20/Dec/2016:22:38:58 -0500] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint
> is not connected)
> [20/Dec/2016:22:38:58 -0500] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] authentication mechanism [GSSAPI]:
> error -1 (Can't contact LDAP server)
> [20/Dec/2016:22:39:05 -0500] slapi_ldap_bind - Error: could not send
> startTLS request: error -1 (Can't contact LDAP server) errno 107
> (Transport endpoint is not connected)
> [20/Dec/2016:22:39:05 -0500] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint
> is not connected)
> [20/Dec/2016:22:39:05 -0500] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] authentication mechanism [GSSAPI]:
> error -1 (Can't contact LDAP server)
> [20/Dec/2016:22:39:17 -0500] slapi_ldap_bind - Error: could not send
> startTLS request: error -1 (Can't contact LDAP server) errno 107
> (Transport endpoint is not connected)
> [20/Dec/2016:22:39:17 -0500] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint
> is not connected)
> [20/Dec/2016:22:39:17 -0500] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] authentication mechanism [GSSAPI]:
> error -1 (Can't contact LDAP server)
> [20/Dec/2016:22:39:41 -0500] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint
> is not connected)
> [20/Dec/2016:22:39:41 -0500] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] authentication mechanism [GSSAPI]:
> error -1 (Can't contact LDAP server)
> [20/Dec/2016:22:39:41 -0500] slapi_ldap_bind - Error: could not send
> startTLS request: error -1 (Can't contact LDAP server) errno 107
> (Transport endpoint is not connected)
> [20/Dec/2016:22:40:29 -0500] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint
> is not connected)
> [20/Dec/2016:22:40:29 -0500] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] authentication mechanism [GSSAPI]:
> error -1 (Can't contact LDAP server)
> [20/Dec/2016:22:40:29 -0500] slapi_ldap_bind - Error: could not send
> startTLS request: error -1 (Can't contact LDAP server) errno 107
> (Transport endpoint is not connected)
> [20/Dec/2016:22:42:05 -0500] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint
> is not connected)
> [20/Dec/2016:22:42:05 -0500] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] authentication mechanism [GSSAPI]:
> error -1 (Can't contact LDAP server)
> [20/Dec/2016:22:42:05 -0500] slapi_ldap_bind - Error: could not send
> startTLS request: error -1 (Can't contact LDAP server) errno 107
> (Transport endpoint is not connected)
> [20/Dec/2016:22:45:17 -0500] slapi_ldap_bind - Error: could not send
> startTLS request: error -1 (Can't contact LDAP server) errno 107
> (Transport endpoint is not connected)
> [20/Dec/2016:22:45:17 -0500] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint
> is not connected)
> [20/Dec/2016:22:45:17 -0500] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] authentication mechanism [GSSAPI]:
> error -1 (Can't contact LDAP server)
> [20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin -
> agmt="cn=masterAgreement1-ipa2.optimcloud.com-pki-tomcat" (ipa2:389):
> Replication bind with SIMPLE auth resumed
> [20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin -
> agmt="cn=meToipa2.optimcloud.com" (ipa2:389): Replication bind with
> GSSAPI auth resumed
> [20/Dec/2016:22:50:14 -0500]
> agmt="cn=masterAgreement1-ipa2.optimcloud.com-pki-tomcat" (ipa2:389) -
> Can't locate CSN 5852cec0000000600000 in the changelog (DB rc=-30988).
> If replication stops, the consumer may need to be reinitialized.
> [20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin -
> agmt="cn=masterAgreement1-ipa2.optimcloud.com-pki-tomcat" (ipa2:389):
> Missing data encountered
> [20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin -
> agmt="cn=masterAgreement1-ipa2.optimcloud.com-pki-tomcat" (ipa2:389):
> Incremental update failed and requires administrator action
> [20/Dec/2016:22:50:14 -0500] agmt="cn=meToipa2.optimcloud.com"
> (ipa2:389) - Can't locate CSN 58528dac000200040000 in the changelog
> (DB rc=-30988). If replication stops, the consumer may need to be
> reinitialized.
> [20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin -
> agmt="cn=meToipa2.optimcloud.com" (ipa2:389): Missing data encountered
> [20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin -
> agmt="cn=meToipa2.optimcloud.com" (ipa2:389): Incremental update
> failed and requires administrator action
>
> from the ipa2 slave
>
> [root at ipa2 dingo]# cat /var/log/dirsrv/slapd-*/errors
> 389-Directory/1.3.4.0 B2016.215.1556
> ipa2.optimcloud.com:636 (/etc/dirsrv/slapd-OPTIMCLOUD-COM)
>
> [20/Dec/2016:22:49:22 -0500] - SSL alert: Configured NSS Ciphers
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] - SSL alert:
> TLS_RSA_WITH_SEED_CBC_SHA: enabled
> [20/Dec/2016:22:49:22 -0500] SSL Initialization - Configured SSL
> version range: min: TLS1.0, max: TLS1.2
> [20/Dec/2016:22:49:22 -0500] - 389-Directory/1.3.4.0 B2016.215.1556 starting up
> [20/Dec/2016:22:49:22 -0500] - WARNING: changelog: entry cache size
> 2097152B is less than db size 4104192B; We recommend to increase the
> entry cache size nsslapd-cachememsize.
> [20/Dec/2016:22:49:22 -0500] - Detected Disorderly Shutdown last time
> Directory Server was running, recovering database.
> [20/Dec/2016:22:49:22 -0500] schema-compat-plugin - scheduled
> schema-compat-plugin tree scan in about 5 seconds after the server
> startup!
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> ou=sudoers,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
> exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
> exist
> [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
> cn=automember rebuild membership,cn=tasks,cn=config does not exist
> [20/Dec/2016:22:49:22 -0500] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates found, which
> should be added before the CoS Definition.
> [20/Dec/2016:22:49:24 -0500] NSMMReplicationPlugin -
> replica_check_for_data_reload: Warning: disordely shutdown for replica
> o=ipaca. Check if DB RUV needs to be updated
> [20/Dec/2016:22:49:24 -0500] NSMMReplicationPlugin -
> replica_check_for_data_reload: Warning: disordely shutdown for replica
> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
> [20/Dec/2016:22:49:24 -0500] set_krb5_creds - Could not get initial
> credentials for principal [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in
> keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any
> KDC for requested realm)
> [20/Dec/2016:22:49:24 -0500] schema-compat-plugin -
> schema-compat-plugin tree scan will start in about 5 seconds!
> [20/Dec/2016:22:49:24 -0500] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> GSS failure. Minor code may provide more information (No Kerberos
> credentials available)) errno 0 (Succ
> ess)
> [20/Dec/2016:22:49:24 -0500] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] authentication mechanism [GSSAPI]:
> error -2 (Local error)
> [20/Dec/2016:22:49:24 -0500] NSMMReplicationPlugin -
> agmt="cn=meToipa.optimcloud.com" (ipa:389): Replication bind with
> GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic
> failure: GSSAPI Error: Unspecified GSS failure. Minor code may
> provide more information (No Kerberos credentials available))
> [20/Dec/2016:22:49:24 -0500] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [20/Dec/2016:22:49:24 -0500] - Listening on All Interfaces port 636
> for LDAPS requests
> [20/Dec/2016:22:49:24 -0500] - Listening on
> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
> [20/Dec/2016:22:49:27 -0500] NSMMReplicationPlugin -
> agmt="cn=meToipa.optimcloud.com" (ipa:389): Replication bind with
> GSSAPI auth resumed
> [20/Dec/2016:22:49:28 -0500] schema-compat-plugin - warning: no
> entries set up under ou=sudoers,dc=optimcloud,dc=com
> [20/Dec/2016:22:49:28 -0500] schema-compat-plugin - warning: no
> entries set up under cn=ng, cn=compat,dc=optimcloud,dc=com
> [20/Dec/2016:22:49:28 -0500] schema-compat-plugin - warning: no
> entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com
> [20/Dec/2016:22:49:29 -0500] schema-compat-plugin - Finished plugin
> initialization.
> [22/Dec/2016:21:01:17 -0500] - SSL alert: Configured NSS Ciphers
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] - SSL alert:
> TLS_RSA_WITH_SEED_CBC_SHA: enabled
> [22/Dec/2016:21:01:17 -0500] SSL Initialization - Configured SSL
> version range: min: TLS1.0, max: TLS1.2
> [22/Dec/2016:21:01:17 -0500] - 389-Directory/1.3.4.0 B2016.215.1556 starting up
> [22/Dec/2016:21:01:18 -0500] - WARNING: changelog: entry cache size
> 2097152B is less than db size 4096000B; We recommend to increase the
> entry cache size nsslapd-cachememsize.
> [22/Dec/2016:21:01:18 -0500] - Detected Disorderly Shutdown last time
> Directory Server was running, recovering database.
> [22/Dec/2016:21:01:19 -0500] schema-compat-plugin - scheduled
> schema-compat-plugin tree scan in about 5 seconds after the server
> startup!
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> ou=sudoers,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
> exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
> exist
> [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
> cn=automember rebuild membership,cn=tasks,cn=config does not exist
> [22/Dec/2016:21:01:19 -0500] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates found, which
> should be added before the CoS Definition.
> [22/Dec/2016:21:01:21 -0500] NSMMReplicationPlugin -
> replica_check_for_data_reload: Warning: disordely shutdown for replica
> o=ipaca. Check if DB RUV needs to be updated
> [22/Dec/2016:21:01:21 -0500] NSMMReplicationPlugin -
> replica_check_for_data_reload: Warning: disordely shutdown for replica
> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
> [22/Dec/2016:21:01:21 -0500] set_krb5_creds - Could not get initial
> credentials for principal [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in
> keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any
> KDC for requested realm)
> [22/Dec/2016:21:01:21 -0500] schema-compat-plugin -
> schema-compat-plugin tree scan will start in about 5 seconds!
> [22/Dec/2016:21:01:21 -0500] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> GSS failure. Minor code may provide more information (No Kerberos
> credentials available)) errno 0 (Succ
> ess)
> [22/Dec/2016:21:01:21 -0500] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] authentication mechanism [GSSAPI]:
> error -2 (Local error)
> [22/Dec/2016:21:01:21 -0500] NSMMReplicationPlugin -
> agmt="cn=meToipa.optimcloud.com" (ipa:389): Replication bind with
> GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic
> failure: GSSAPI Error: Unspecified GSS failure. Minor code may
> provide more information (No Kerberos credentials available))
> [22/Dec/2016:21:01:21 -0500] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [22/Dec/2016:21:01:21 -0500] - Listening on All Interfaces port 636
> for LDAPS requests
> [22/Dec/2016:21:01:21 -0500] - Listening on
> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
> [22/Dec/2016:21:01:24 -0500] NSMMReplicationPlugin -
> agmt="cn=meToipa.optimcloud.com" (ipa:389): Replication bind with
> GSSAPI auth resumed
> [22/Dec/2016:21:01:25 -0500] schema-compat-plugin - warning: no
> entries set up under ou=sudoers,dc=optimcloud,dc=com
> [22/Dec/2016:21:01:26 -0500] schema-compat-plugin - warning: no
> entries set up under cn=ng, cn=compat,dc=optimcloud,dc=com
> [22/Dec/2016:21:01:26 -0500] schema-compat-plugin - warning: no
> entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com
> [22/Dec/2016:21:01:26 -0500] schema-compat-plugin - Finished plugin
> initialization.
According to log, it looks that replication has been restored a week ago
can you use https://github.com/peterpakos/ipa_check_consistency to check
what else is missing?
If it finds missing entries, probably re-initialization will be needed
Martin
More information about the Freeipa-users
mailing list