[Freeipa-users] Setup of freeipa 4.2.3 failed

Markus Roth markus at die5roths.de
Sun Jan 10 08:40:07 UTC 2016


On Saturday, 09.01.2016, at 17:41 -0500, Rob Crittenden wrote:
> Markus Roth wrote:
> > On Friday, 08.01.2016, at 13:25 +0100, Martin Babinsky wrote:
> > > On 01/08/2016 01:06 PM, Markus Roth wrote:
> > > > Hi all,
> > > > 
> > > > I tried to install freeipa server (freeipa-server.armv7hl
> > > >   4.2.3-1.1.fc23), but the installation failed.
> > > > 
> > > > -----------------------------------------------------
> > > > Configuring NTP daemon (ntpd)
> > > >    [1/4]: stopping ntpd
> > > >    [2/4]: writing configuration
> > > >    [3/4]: configuring ntpd to start on boot
> > > >    [4/4]: starting ntpd
> > > > Done configuring NTP daemon (ntpd).
> > > > Configuring directory server (dirsrv). Estimated time: 1 minute
> > > >    [1/43]: creating directory server user
> > > >    [2/43]: creating directory server instance
> > > >    [3/43]: adding default schema
> > > >    [4/43]: enabling memberof plugin
> > > >    [5/43]: enabling winsync plugin
> > > >    [6/43]: configuring replication version plugin
> > > >    [7/43]: enabling IPA enrollment plugin
> > > >    [8/43]: enabling ldapi
> > > >    [9/43]: configuring uniqueness plugin
> > > >    [10/43]: configuring uuid plugin
> > > >    [11/43]: configuring modrdn plugin
> > > >    [12/43]: configuring DNS plugin
> > > >    [13/43]: enabling entryUSN plugin
> > > >    [14/43]: configuring lockout plugin
> > > >    [15/43]: creating indices
> > > >    [16/43]: enabling referential integrity plugin
> > > >    [17/43]: configuring certmap.conf
> > > >    [18/43]: configure autobind for root
> > > >    [19/43]: configure new location for managed entries
> > > >    [20/43]: configure dirsrv ccache
> > > >    [21/43]: enable SASL mapping fallback
> > > >    [22/43]: restarting directory server
> > > >    [23/43]: adding default layout
> > > >    [24/43]: adding delegation layout
> > > >    [25/43]: creating container for managed entries
> > > >    [26/43]: configuring user private groups
> > > >    [27/43]: configuring netgroups from hostgroups
> > > >    [28/43]: creating default Sudo bind user
> > > >    [29/43]: creating default Auto Member layout
> > > >    [30/43]: adding range check plugin
> > > >    [31/43]: creating default HBAC rule allow_all
> > > >    [32/43]: creating default CA ACL rule
> > > >    [33/43]: adding entries for topology management
> > > >    [34/43]: initializing group membership
> > > >    [35/43]: adding master entry
> > > >    [36/43]: initializing domain level
> > > >    [37/43]: configuring Posix uid/gid generation
> > > >    [38/43]: adding replication acis
> > > >    [39/43]: enabling compatibility plugin
> > > >    [40/43]: activating sidgen plugin
> > > >    [41/43]: activating extdom plugin
> > > >    [42/43]: tuning directory server
> > > >    [43/43]: configuring directory to start on boot
> > > > Done configuring directory server (dirsrv).
> > > > Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds
> > > >    [1/25]: creating certificate server user
> > > >    [2/25]: configuring certificate server instance
> > > >    [3/25]: stopping certificate server instance to update CS.cfg
> > > >    [4/25]: backing up CS.cfg
> > > >    [5/25]: disabling nonces
> > > >    [6/25]: set up CRL publishing
> > > >    [7/25]: enable PKIX certificate path discovery and validation
> > > >    [8/25]: starting certificate server instance
> > > >    [9/25]: creating RA agent certificate database
> > > >    [10/25]: importing CA chain to RA certificate database
> > > >    [11/25]: fixing RA database permissions
> > > >    [12/25]: setting up signing cert profile
> > > >    [13/25]: setting audit signing renewal to 2 years
> > > >    [14/25]: restarting certificate server
> > > >    [15/25]: requesting RA certificate from CA
> > > >    [16/25]: issuing RA agent certificate
> > > >    [17/25]: adding RA agent as a trusted user
> > > >    [18/25]: authorizing RA to modify profiles
> > > >    [19/25]: configure certmonger for renewals
> > > >    [20/25]: configure certificate renewals
> > > >    [21/25]: configure RA certificate renewal
> > > >    [22/25]: configure Server-Cert certificate renewal
> > > >    [23/25]: Configure HTTP to proxy connections
> > > >    [24/25]: restarting certificate server
> > > >    [25/25]: Importing IPA certificate profiles
> > > > Done configuring certificate server (pki-tomcatd).
> > > > Configuring directory server (dirsrv). Estimated time: 10 seconds
> > > >    [1/3]: configuring ssl for ds instance
> > > >    [error] RuntimeError: Certificate issuance failed
> > > > ipa.ipapython.install.cli.install_tool(Server): ERROR    Certificate issuance failed
> > > > 
> > > > -----------------------------------------------
> > > > 
> > > > The last messages in the log file (/var/log/ipaserver-install.log):
> > > > 
> > > >    File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 637, in __enable_ssl
> > > >      self.nickname, self.fqdn, cadb)
> > > >    File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 337, in create_server_cert
> > > >      cdb.issue_server_cert(self.certreq_fname, self.certder_fname)
> > > >    File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 419, in issue_server_cert
> > > >      raise RuntimeError("Certificate issuance failed")
> > > > 
> > > > 2016-01-08T09:33:47Z DEBUG The ipa-server-install command failed, exception: RuntimeError: Certificate issuance failed
> > > > 2016-01-08T09:33:47Z ERROR Certificate issuance failed
> > > > 
> > > > Any ideas about this error?
> > > > 
> > > > Markus
> > > > 
> > > > 
> > > 
> > > Sounds similar to https://fedorahosted.org/freeipa/ticket/5376, but I
> > > cannot be sure without seeing the installation log
> > > (/var/log/ipaserver-install.log).
> > > 
> > > As a workaround, you can try to re-run the installation in verbose mode
> > > using the '-v' option and see if it succeeds. Be prepared for a lot of
> > > garbage spouted on the output, though.
> > > 
> > Hi Martin,
> > 
> > did a setup with Fedora 22 and freeipa-server.armv7hl 4.1.4-4.fc22
> > 
> > The setup completed successfully. The only change I did was to change the
> > startup_timeout variable to 900 in
> > /usr/lib/python2.7/site-packages/ipalib/constants.py, because the hardware
> > (Banana Pi) isn't fast enough for the certification generation process.
> > 
> > So it must be a bug in freeipa-server.armv7hl 4.2.3-1.1.fc23.
> 
> /var/log/ipaserver-install.log from the failed install would be
> helpful.
> 
> rob
> 
> 

Attached is the log file and the output of ipa-server-install -v (ipa-install.txt).
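
An added example, not part of the original message and not FreeIPA's own code: a small triage script that reads ipa-server-install console output (mail quote markers are tolerated) and reports which stage and step was running when "[error]" appeared, plus the innermost ipaserver traceback frame. The sample input is constructed from the lines quoted in this thread with the hard line wraps rejoined; the function names are hypothetical.

```python
import re

# Constructed sample: installer output and traceback lines as quoted in this
# thread, with the mail client's hard line wraps rejoined.
SAMPLE = """\
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds
  [24/25]: restarting certificate server
  [25/25]: Importing IPA certificate profiles
Done configuring certificate server (pki-tomcatd).
Configuring directory server (dirsrv). Estimated time: 10 seconds
  [1/3]: configuring ssl for ds instance
  [error] RuntimeError: Certificate issuance failed
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 637, in __enable_ssl
    self.nickname, self.fqdn, cadb)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 337, in create_server_cert
    cdb.issue_server_cert(self.certreq_fname, self.certder_fname)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 419, in issue_server_cert
    raise RuntimeError("Certificate issuance failed")
2016-01-08T09:33:47Z ERROR Certificate issuance failed
"""

QUOTE = re.compile(r"^(?:>\s?)+")                       # "> > > " mail quoting
STAGE = re.compile(r"^Configuring (.+?) \(([^()\s]+)\)")
DONE = re.compile(r"^Done configuring ")
STEP = re.compile(r"^\s*\[(\d+)/(\d+)\]: (.+)$")
ERROR = re.compile(r"^\s*\[error\] (\w+): (.+)$")
FRAME = re.compile(r'^\s*File "([^"]+)", line (\d+), in (\S+)')


def strip_quotes(line):
    """Drop leading mail quote markers so quoted logs parse like raw ones."""
    return QUOTE.sub("", line)


def find_failed_step(text):
    """Return the stage and step that was running when '[error]' appeared.

    The step total matters here: 'directory server (dirsrv)' is configured
    twice (43 steps, then 3), so the service name alone is ambiguous.
    """
    stage = step = None
    for raw in text.splitlines():
        line = strip_quotes(raw)
        m = STAGE.match(line)
        if m:
            stage, step = {"name": m.group(1), "service": m.group(2)}, None
            continue
        if DONE.match(line):
            stage = step = None
            continue
        m = STEP.match(line)
        if m:
            step = (int(m.group(1)), int(m.group(2)), m.group(3).strip())
            continue
        m = ERROR.match(line)
        if m:
            return {
                "stage": stage["name"] if stage else None,
                "service": stage["service"] if stage else None,
                "step": step[0] if step else None,
                "total": step[1] if step else None,
                "description": step[2] if step else None,
                "exception": m.group(1),
                "message": m.group(2).strip(),
            }
    return None  # no '[error]' line: the run did not fail in a numbered step


def deepest_frame(text, path_part="/ipaserver/"):
    """Return (file, line, function) of the innermost matching traceback frame.

    Python prints the most recent call last, so the last matching frame is
    the one closest to the raise.
    """
    frames = []
    for raw in text.splitlines():
        m = FRAME.match(strip_quotes(raw))
        if m and path_part in m.group(1):
            frames.append((m.group(1), int(m.group(2)), m.group(3)))
    return frames[-1] if frames else None


if __name__ == "__main__":
    print(find_failed_step(SAMPLE))
    print(deepest_frame(SAMPLE))
```
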
-------------- next part --------------
The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the FreeIPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)

To accept the default shown in brackets, press the Enter key.

WARNING: conflicting time&date synchronization service 'chronyd' will be disabled
in favor of ntpd

Do you want to configure integrated DNS (BIND)? [no]: yes

Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.


Server host name [obelix.roth.lan]: 

Warning: skipping DNS resolution of host obelix.roth.lan
The domain name has been determined based on the host name.

Please confirm the domain name [roth.lan]: 

The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [ROTH.LAN]: 
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.

Directory Manager password: 
Password (confirm): 

The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.

IPA admin password: 
Password (confirm): 

Do you want to configure DNS forwarders? [yes]: 
Enter an IP address for a DNS forwarder, or press Enter to skip: 192.168.178.254
DNS forwarder 192.168.178.254 added. You may add another.
Enter an IP address for a DNS forwarder, or press Enter to skip: 
Checking DNS forwarders, please wait ...
Do you want to configure the reverse zone? [yes]: 
Please specify the reverse zone name [178.168.192.in-addr.arpa.]: 
Using reverse zone(s) 178.168.192.in-addr.arpa.

The IPA Master Server will be configured with:
Hostname:       obelix.roth.lan
IP address(es): 192.168.178.10
Domain name:    roth.lan
Realm name:     ROTH.LAN

BIND DNS server will be configured to serve IPA domain with:
Forwarders:    192.168.178.254
Reverse zone(s):  178.168.192.in-addr.arpa.

Continue to configure the system with these values? [no]: yes

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 1 minute
  [1/43]: creating directory server user
  [2/43]: creating directory server instance
  [3/43]: adding default schema
  [4/43]: enabling memberof plugin
  [5/43]: enabling winsync plugin
  [6/43]: configuring replication version plugin
  [7/43]: enabling IPA enrollment plugin
  [8/43]: enabling ldapi
  [9/43]: configuring uniqueness plugin
  [10/43]: configuring uuid plugin
  [11/43]: configuring modrdn plugin
  [12/43]: configuring DNS plugin
  [13/43]: enabling entryUSN plugin
  [14/43]: configuring lockout plugin
  [15/43]: creating indices
  [16/43]: enabling referential integrity plugin
  [17/43]: configuring certmap.conf
  [18/43]: configure autobind for root
  [19/43]: configure new location for managed entries
  [20/43]: configure dirsrv ccache
  [21/43]: enable SASL mapping fallback
  [22/43]: restarting directory server
  [23/43]: adding default layout
  [24/43]: adding delegation layout
  [25/43]: creating container for managed entries
  [26/43]: configuring user private groups
  [27/43]: configuring netgroups from hostgroups
  [28/43]: creating default Sudo bind user
  [29/43]: creating default Auto Member layout
  [30/43]: adding range check plugin
  [31/43]: creating default HBAC rule allow_all
  [32/43]: creating default CA ACL rule
  [33/43]: adding entries for topology management
  [34/43]: initializing group membership
  [35/43]: adding master entry
  [36/43]: initializing domain level
  [37/43]: configuring Posix uid/gid generation
  [38/43]: adding replication acis
  [39/43]: enabling compatibility plugin
  [40/43]: activating sidgen plugin
  [41/43]: activating extdom plugin
  [42/43]: tuning directory server
  [43/43]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds
  [1/25]: creating certificate server user
  [2/25]: configuring certificate server instance
  [3/25]: stopping certificate server instance to update CS.cfg
  [4/25]: backing up CS.cfg
  [5/25]: disabling nonces
  [6/25]: set up CRL publishing
  [7/25]: enable PKIX certificate path discovery and validation
  [8/25]: starting certificate server instance
  [9/25]: creating RA agent certificate database
  [10/25]: importing CA chain to RA certificate database
  [11/25]: fixing RA database permissions
  [12/25]: setting up signing cert profile
  [13/25]: setting audit signing renewal to 2 years
  [14/25]: restarting certificate server
  [15/25]: requesting RA certificate from CA
  [16/25]: issuing RA agent certificate
  [17/25]: adding RA agent as a trusted user
  [18/25]: authorizing RA to modify profiles
  [19/25]: configure certmonger for renewals
  [20/25]: configure certificate renewals
  [21/25]: configure RA certificate renewal
  [22/25]: configure Server-Cert certificate renewal
  [23/25]: Configure HTTP to proxy connections
  [24/25]: restarting certificate server
  [25/25]: Importing IPA certificate profiles
Done configuring certificate server (pki-tomcatd).
Configuring directory server (dirsrv). Estimated time: 10 seconds
  [1/3]: configuring ssl for ds instance
  [error] RuntimeError: Certificate issuance failed
ipa.ipapython.install.cli.install_tool(Server): ERROR    Certificate issuance failed
[root@obelix ~]# ^C
[root@obelix ~]# less /var/log/ipa
ipaserver-install.log  ipaupgrade.log         
[root@obelix ~]# less /var/log/ipaserver-install.log 
[root@obelix ~]# vi /usr/lib/python2.7/site-packages/ipaserver/install/certs.py
[root@obelix ~]# less /var/log/ipaserver-install.log 
[root@obelix ~]# ipa-server-install -v
ipa.ipapython.install.cli.install_tool(Server): DEBUG    Logging to /var/log/ipaserver-install.log
ipa.ipapython.install.cli.install_tool(Server): DEBUG    ipa-server-install was invoked with arguments [] and options: {'no_dns_sshfp': None, 'verbose': True, 'ip_addresses': None, 'domainlevel': None, 'mkhomedir': None, 'no_pkinit': None, 'http_cert_files': None, 'no_ntp': None, 'subject': None, 'no_forwarders': None, 'external_ca': None, 'external_ca_type': None, 'ssh_trust_dns': None, 'domain_name': None, 'idmax': None, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': None, 'ca_signing_algorithm': None, 'no_reverse': None, 'pkinit_cert_files': None, 'unattended': False, 'no_host_dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'forwarders': None, 'idstart': None, 'realm_name': None, 'pkinit_cert_name': None, 'no_ssh': None, 'external_cert_files': None, 'no_hbac_allow': None, 'dirsrv_cert_name': None, 'ca_cert_files': None, 'zonemgr': None, 'quiet': False, 'setup_dns': None, 'host_name': None, 'log_file': None, 'reverse_zones': None, 'uninstall': False}
ipa.ipapython.install.cli.install_tool(Server): DEBUG    IPA version 4.2.3-1.1.fc23
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/sbin/selinuxenabled'
ipa         : DEBUG    Process finished, return code=1
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=

The log file for this installation can be found in /var/log/ipaserver-install.log
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
ipa         : DEBUG    httpd is not configured
ipa         : DEBUG    kadmin is not configured
ipa         : DEBUG    dirsrv is configured
ipa         : DEBUG    pki-cad is not configured
ipa         : DEBUG    pki-tomcatd is configured
ipa         : DEBUG    install is not configured
ipa         : DEBUG    krb5kdc is not configured
ipa         : DEBUG    ntpd is configured
ipa         : DEBUG    named is not configured
ipa         : DEBUG    ipa_memcached is not configured
ipa         : DEBUG    filestore has files
ipa.ipapython.install.cli.install_tool(Server): DEBUG      File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 307, in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 292, in run
    self.validate()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 301, in validate
    for nothing in self._validator():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 356, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 378, in _handle_exception
    util.raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 346, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, in run_generator_with_yield_from
    raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 535, in _configure
    validator.next()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 356, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 435, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 378, in _handle_exception
    util.raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 432, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 378, in _handle_exception
    util.raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 346, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, in run_generator_with_yield_from
    raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
    for nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 1283, in main
    install_check(self)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 257, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 316, in install_check
    sys.exit("IPA server is already configured on this system.\n"

ipa.ipapython.install.cli.install_tool(Server): DEBUG    The ipa-server-install command failed, exception: SystemExit: IPA server is already configured on this system.
If you want to reinstall the IPA server, please uninstall it first using 'ipa-server-install --uninstall'.
ipa.ipapython.install.cli.install_tool(Server): ERROR    IPA server is already configured on this system.
If you want to reinstall the IPA server, please uninstall it first using 'ipa-server-install --uninstall'.
[root@obelix ~]# ipa-server-install --uninstall

This is a NON REVERSIBLE operation and will delete all data and configuration!

Are you sure you want to continue with the uninstall procedure? [no]: yes
Shutting down all IPA services
Removing IPA client configuration
Unconfiguring ntpd
Configuring certmonger to stop tracking system certificates for KRA
Configuring certmonger to stop tracking system certificates for CA
Unconfiguring CA
Unconfiguring directory server
[root@obelix ~]# ipa-server-install -v
ipa.ipapython.install.cli.install_tool(Server): DEBUG    Logging to /var/log/ipaserver-install.log
ipa.ipapython.install.cli.install_tool(Server): DEBUG    ipa-server-install was invoked with arguments [] and options: {'no_dns_sshfp': None, 'verbose': True, 'ip_addresses': None, 'domainlevel': None, 'mkhomedir': None, 'no_pkinit': None, 'http_cert_files': None, 'no_ntp': None, 'subject': None, 'no_forwarders': None, 'external_ca': None, 'external_ca_type': None, 'ssh_trust_dns': None, 'domain_name': None, 'idmax': None, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': None, 'ca_signing_algorithm': None, 'no_reverse': None, 'pkinit_cert_files': None, 'unattended': False, 'no_host_dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'forwarders': None, 'idstart': None, 'realm_name': None, 'pkinit_cert_name': None, 'no_ssh': None, 'external_cert_files': None, 'no_hbac_allow': None, 'dirsrv_cert_name': None, 'ca_cert_files': None, 'zonemgr': None, 'quiet': False, 'setup_dns': None, 'host_name': None, 'log_file': None, 'reverse_zones': None, 'uninstall': False}
ipa.ipapython.install.cli.install_tool(Server): DEBUG    IPA version 4.2.3-1.1.fc23
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/sbin/selinuxenabled'
ipa         : DEBUG    Process finished, return code=1
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=

The log file for this installation can be found in /var/log/ipaserver-install.log
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
ipa         : DEBUG    httpd is not configured
ipa         : DEBUG    kadmin is not configured
ipa         : DEBUG    dirsrv is not configured
ipa         : DEBUG    pki-cad is not configured
ipa         : DEBUG    pki-tomcatd is not configured
ipa         : DEBUG    install is not configured
ipa         : DEBUG    krb5kdc is not configured
ipa         : DEBUG    ntpd is not configured
ipa         : DEBUG    named is not configured
ipa         : DEBUG    ipa_memcached is not configured
ipa         : DEBUG    filestore is tracking no files
ipa         : DEBUG    Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
ipa         : DEBUG    Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
==============================================================================
This program will set up the FreeIPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)

To accept the default shown in brackets, press the Enter key.

ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-enabled' 'chronyd.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=enabled

ipa         : DEBUG    stderr=
WARNING: conflicting time&date synchronization service 'chronyd' will be disabled
in favor of ntpd

ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/sbin/httpd' '-t' '-D' 'DUMP_VHOSTS'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=VirtualHost configuration:
*:8443                 obelix.roth.lan (/etc/httpd/conf.d/nss.conf:83)

ipa         : DEBUG    stderr=
Do you want to configure integrated DNS (BIND)? [no]: yes

Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.


Server host name [obelix.roth.lan]: 

ipa         : DEBUG    Check if obelix.roth.lan is a primary hostname for localhost
ipa         : DEBUG    Primary hostname for localhost: obelix.roth.lan
Warning: skipping DNS resolution of host obelix.roth.lan
ipa         : DEBUG    will use host_name: obelix.roth.lan

The domain name has been determined based on the host name.

Please confirm the domain name [roth.lan]: 

ipa         : DEBUG    read domain_name: roth.lan

The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [ROTH.LAN]: 
ipa         : DEBUG    read realm_name: ROTH.LAN

Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.

Directory Manager password: 
Password (confirm): 

The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.

IPA admin password: 
Password (confirm): 

ipa         : DEBUG    importing all plugin modules in ipalib.plugins...
ipa         : DEBUG    importing plugin module ipalib.plugins.aci
ipa         : DEBUG    importing plugin module ipalib.plugins.automember
ipa         : DEBUG    importing plugin module ipalib.plugins.automount
ipa         : DEBUG    importing plugin module ipalib.plugins.baseldap
ipa         : DEBUG    importing plugin module ipalib.plugins.baseuser
ipa         : DEBUG    importing plugin module ipalib.plugins.batch
ipa         : DEBUG    importing plugin module ipalib.plugins.caacl
ipa         : DEBUG    importing plugin module ipalib.plugins.cert
ipa         : DEBUG    importing plugin module ipalib.plugins.certprofile
ipa         : DEBUG    importing plugin module ipalib.plugins.config
ipa         : DEBUG    importing plugin module ipalib.plugins.delegation
ipa         : DEBUG    importing plugin module ipalib.plugins.dns
ipa         : DEBUG    importing plugin module ipalib.plugins.domainlevel
ipa         : DEBUG    importing plugin module ipalib.plugins.group
ipa         : DEBUG    importing plugin module ipalib.plugins.hbacrule
ipa         : DEBUG    importing plugin module ipalib.plugins.hbacsvc
ipa         : DEBUG    importing plugin module ipalib.plugins.hbacsvcgroup
ipa         : DEBUG    importing plugin module ipalib.plugins.hbactest
ipa         : DEBUG    importing plugin module ipalib.plugins.host
ipa         : DEBUG    importing plugin module ipalib.plugins.hostgroup
ipa         : DEBUG    importing plugin module ipalib.plugins.idrange
ipa         : DEBUG    importing plugin module ipalib.plugins.idviews
ipa         : DEBUG    importing plugin module ipalib.plugins.internal
ipa         : DEBUG    importing plugin module ipalib.plugins.kerberos
ipa         : DEBUG    importing plugin module ipalib.plugins.krbtpolicy
ipa         : DEBUG    importing plugin module ipalib.plugins.migration
ipa         : DEBUG    importing plugin module ipalib.plugins.misc
ipa         : DEBUG    importing plugin module ipalib.plugins.netgroup
ipa         : DEBUG    importing plugin module ipalib.plugins.otpconfig
ipa         : DEBUG    importing plugin module ipalib.plugins.otptoken
ipa         : DEBUG    importing plugin module ipalib.plugins.otptoken_yubikey
ipa         : DEBUG    importing plugin module ipalib.plugins.passwd
ipa         : DEBUG    importing plugin module ipalib.plugins.permission
ipa         : DEBUG    importing plugin module ipalib.plugins.ping
ipa         : DEBUG    importing plugin module ipalib.plugins.pkinit
ipa         : DEBUG    importing plugin module ipalib.plugins.privilege
ipa         : DEBUG    importing plugin module ipalib.plugins.pwpolicy
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='klist' '-V'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=Kerberos 5 version 1.14

ipa         : DEBUG    stderr=
ipa         : DEBUG    importing plugin module ipalib.plugins.radiusproxy
ipa         : DEBUG    importing plugin module ipalib.plugins.realmdomains
ipa         : DEBUG    importing plugin module ipalib.plugins.role
ipa         : DEBUG    importing plugin module ipalib.plugins.rpcclient
ipa         : DEBUG    importing plugin module ipalib.plugins.selfservice
ipa         : DEBUG    importing plugin module ipalib.plugins.selinuxusermap
ipa         : DEBUG    importing plugin module ipalib.plugins.server
ipa         : DEBUG    importing plugin module ipalib.plugins.service
ipa         : DEBUG    importing plugin module ipalib.plugins.servicedelegation
ipa         : DEBUG    importing plugin module ipalib.plugins.session
ipa.ipalib.session.MemcacheSessionManager: WARNING  session memcached servers not running
ipa         : DEBUG    importing plugin module ipalib.plugins.stageuser
ipa         : DEBUG    importing plugin module ipalib.plugins.sudocmd
ipa         : DEBUG    importing plugin module ipalib.plugins.sudocmdgroup
ipa         : DEBUG    importing plugin module ipalib.plugins.sudorule
ipa         : DEBUG    importing plugin module ipalib.plugins.topology
ipa         : DEBUG    importing plugin module ipalib.plugins.trust
ipa         : DEBUG    importing plugin module ipalib.plugins.user
ipa         : DEBUG    importing plugin module ipalib.plugins.vault
ipa         : DEBUG    importing plugin module ipalib.plugins.virtual
ipa         : DEBUG    importing all plugin modules in ipaserver.plugins...
ipa         : DEBUG    importing plugin module ipaserver.plugins.dogtag
ipa         : DEBUG    importing plugin module ipaserver.plugins.join
ipa         : DEBUG    importing plugin module ipaserver.plugins.ldap2
ipa         : DEBUG    importing plugin module ipaserver.plugins.rabase
ipa         : DEBUG    importing plugin module ipaserver.plugins.xmlserver
ipa         : DEBUG    importing all plugin modules in ipaserver.install.plugins...
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.adtrust
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.ca_renewal_master
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.dns
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.fix_replica_agreements
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.rename_managed
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.update_idranges
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.update_managed_permissions
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.update_pacs
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.update_passsync
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.update_referint
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.update_services
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.update_uniqueness
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.upload_cacrt
ipa.ipalib.session.SessionAuthManager: DEBUG    SessionAuthManager.register: name=jsonserver_session_3021715280
ipa.ipalib.session.SessionAuthManager: DEBUG    SessionAuthManager.register: name=xmlserver_session_3021716144
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml'
ipa.ipaserver.rpcserver.xmlserver_session: DEBUG    session_auth_duration: 0:20:00
ipa.ipaserver.rpcserver.xmlserver_session: DEBUG    session_auth_duration: 0:20:00
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.sync_token() at '/session/sync_token'
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.login_password() at '/session/login_password'
ipa.ipaserver.rpcserver.login_password: DEBUG    session_auth_duration: 0:20:00
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json'
ipa.ipaserver.rpcserver.jsonserver_kerb: DEBUG    session_auth_duration: 0:20:00
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.xmlserver() at '/xml'
ipa.ipaserver.rpcserver.xmlserver: DEBUG    session_auth_duration: 0:20:00
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json'
ipa.ipaserver.rpcserver.jsonserver_session: DEBUG    session_auth_duration: 0:20:00
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.change_password() at '/session/change_password'
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos'
ipa.ipaserver.rpcserver.login_kerberos: DEBUG    session_auth_duration: 0:20:00
ipa         : DEBUG    Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/sbin/ip' '-family' 'inet' '-oneline' 'address' 'show'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.178.10/24 brd 192.168.178.255 scope global eth0\       valid_lft forever preferred_lft forever

ipa         : DEBUG    stderr=
Do you want to configure DNS forwarders? [yes]: 
Enter an IP address for a DNS forwarder, or press Enter to skip: 192.168.178.254
DNS forwarder 192.168.178.254 added. You may add another.
Enter an IP address for a DNS forwarder, or press Enter to skip: 
Checking DNS forwarders, please wait ...
ipa         : DEBUG    Checking DNS server: 192.168.178.254
ipa         : DEBUG    will use dns_forwarders: ['192.168.178.254']

Do you want to configure the reverse zone? [yes]: 
Please specify the reverse zone name [178.168.192.in-addr.arpa.]: 
Using reverse zone(s) 178.168.192.in-addr.arpa.

The IPA Master Server will be configured with:
Hostname:       obelix.roth.lan
IP address(es): 192.168.178.10
Domain name:    roth.lan
Realm name:     ROTH.LAN

BIND DNS server will be configured to serve IPA domain with:
Forwarders:    192.168.178.254
Reverse zone(s):  178.168.192.in-addr.arpa.

Continue to configure the system with these values? [no]: yes

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

ipa         : DEBUG    Backing up system configuration file '/etc/hosts'
ipa         : DEBUG    Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
ipa.ipaplatform.base.tasks: DEBUG    group dirsrv exists
ipa.ipaplatform.base.tasks: DEBUG    user dirsrv exists
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-enabled' 'chronyd.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=enabled

ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-active' 'chronyd.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=active

ipa         : DEBUG    stderr=
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'stop' 'chronyd.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'disable' 'chronyd.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/chronyd.service.

ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Configuring NTP daemon (ntpd)
Configuring NTP daemon (ntpd)
ipa         : DEBUG      [1/4]: stopping ntpd
  [1/4]: stopping ntpd
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-active' 'ntpd.service'
ipa         : DEBUG    Process finished, return code=3
ipa         : DEBUG    stdout=unknown

ipa         : DEBUG    stderr=
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'stop' 'ntpd.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [2/4]: writing configuration
  [2/4]: writing configuration
ipa         : DEBUG    Backing up system configuration file '/etc/ntp.conf'
ipa         : DEBUG    Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
ipa         : DEBUG    Backing up system configuration file '/etc/sysconfig/ntpd'
ipa         : DEBUG    Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [3/4]: configuring ntpd to start on boot
  [3/4]: configuring ntpd to start on boot
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-enabled' 'ntpd.service'
ipa         : DEBUG    Process finished, return code=1
ipa         : DEBUG    stdout=disabled

ipa         : DEBUG    stderr=
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'enable' 'ntpd.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [4/4]: starting ntpd
  [4/4]: starting ntpd
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'start' 'ntpd.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-active' 'ntpd.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=active

ipa         : DEBUG    stderr=
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG    Done configuring NTP daemon (ntpd).
Done configuring NTP daemon (ntpd).
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Configuring directory server (dirsrv). Estimated time: 1 minute
Configuring directory server (dirsrv). Estimated time: 1 minute
ipa         : DEBUG      [1/43]: creating directory server user
  [1/43]: creating directory server user
ipa.ipaplatform.base.tasks: DEBUG    group dirsrv exists
ipa.ipaplatform.base.tasks: DEBUG    user dirsrv exists
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [2/43]: creating directory server instance
  [2/43]: creating directory server instance
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Backing up system configuration file '/etc/sysconfig/dirsrv'
ipa         : DEBUG    Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
ipa         : DEBUG    
dn: dc=roth,dc=lan
objectClass: top
objectClass: domain
objectClass: pilotObject
dc: roth
info: IPA V2.0

ipa         : DEBUG    writing inf template
ipa         : DEBUG    
[General]
FullMachineName=   obelix.roth.lan
SuiteSpotUserID=   dirsrv
SuiteSpotGroup=    dirsrv
ServerRoot=    /usr/lib/dirsrv
[slapd]
ServerPort=   389
ServerIdentifier=   ROTH-LAN
Suffix=   dc=roth,dc=lan
RootDN=   cn=Directory Manager
InstallLdifFile= /var/lib/dirsrv/boot.ldif
inst_dir=   /var/lib/dirsrv/scripts-ROTH-LAN

ipa         : DEBUG    calling setup-ds.pl
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/sbin/setup-ds.pl' '--silent' '--logfile' '-' '-f' '/tmp/tmpUdvFsg'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=[16/01/08:20:41:50] - [Setup] Info Your new DS instance 'ROTH-LAN' was successfully created.
Your new DS instance 'ROTH-LAN' was successfully created.
[16/01/08:20:41:50] - [Setup] Success Exiting . . .
Log file is '-'

Exiting . . .
Log file is '-'


ipa         : DEBUG    stderr=
ipa         : DEBUG    completed creating ds instance
ipa         : DEBUG    restarting ds instance
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' '--system' 'daemon-reload'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'restart' 'dirsrv@ROTH-LAN.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-active' 'dirsrv@ROTH-LAN.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=active

ipa         : DEBUG    stderr=
ipa         : DEBUG    wait_for_open_ports: localhost [389] timeout 1200
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-active' 'dirsrv@ROTH-LAN.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=active

ipa         : DEBUG    stderr=
ipa         : DEBUG    done restarting ds instance
ipa         : DEBUG      duration: 12 seconds
ipa         : DEBUG      [3/43]: adding default schema
  [3/43]: adding default schema
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [4/43]: enabling memberof plugin
  [4/43]: enabling memberof plugin
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/memberof-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp6Mocom'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=replace nsslapd-pluginenabled:
	on
add memberofgroupattr:
	memberUser
add memberofgroupattr:
	memberHost
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [5/43]: enabling winsync plugin
  [5/43]: enabling winsync plugin
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/ipa-winsync-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpUEyIUy'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	ipa-winsync
add nsslapd-pluginpath:
	libipa_winsync
add nsslapd-plugininitfunc:
	ipa_winsync_plugin_init
add nsslapd-pluginDescription:
	Allows IPA to work with the DS windows sync feature
add nsslapd-pluginid:
	ipa-winsync
add nsslapd-pluginversion:
	1.0
add nsslapd-pluginvendor:
	Red Hat
add nsslapd-plugintype:
	preoperation
add nsslapd-pluginenabled:
	on
add nsslapd-plugin-depends-on-type:
	database
add ipaWinSyncRealmFilter:
	(objectclass=krbRealmContainer)
add ipaWinSyncRealmAttr:
	cn
add ipaWinSyncNewEntryFilter:
	(cn=ipaConfig)
add ipaWinSyncNewUserOCAttr:
	ipauserobjectclasses
add ipaWinSyncUserFlatten:
	true
add ipaWinsyncHomeDirAttr:
	ipaHomesRootDir
add ipaWinsyncLoginShellAttr:
	ipaDefaultLoginShell
add ipaWinSyncDefaultGroupAttr:
	ipaDefaultPrimaryGroup
add ipaWinSyncDefaultGroupFilter:
	(gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
add ipaWinSyncAcctDisable:
	both
add ipaWinSyncForceSync:
	true
add ipaWinSyncUserAttr:
	uidNumber -1
	gidNumber -1
adding new entry "cn=ipa-winsync,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [6/43]: configuring replication version plugin
  [6/43]: configuring replication version plugin
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/version-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpWpBh8z'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	IPA Version Replication
add nsslapd-pluginpath:
	libipa_repl_version
add nsslapd-plugininitfunc:
	repl_version_plugin_init
add nsslapd-plugintype:
	preoperation
add nsslapd-pluginenabled:
	off
add nsslapd-pluginid:
	ipa_repl_version
add nsslapd-pluginversion:
	1.0
add nsslapd-pluginvendor:
	Red Hat, Inc.
add nsslapd-plugindescription:
	IPA Replication version plugin
add nsslapd-plugin-depends-on-type:
	database
add nsslapd-plugin-depends-on-named:
	Multimaster Replication Plugin
adding new entry "cn=IPA Version Replication,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [7/43]: enabling IPA enrollment plugin
  [7/43]: enabling IPA enrollment plugin
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmp3HP1bx' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpq4Y1dy'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	ipa_enrollment_extop
add nsslapd-pluginpath:
	libipa_enrollment_extop
add nsslapd-plugininitfunc:
	ipaenrollment_init
add nsslapd-plugintype:
	extendedop
add nsslapd-pluginenabled:
	on
add nsslapd-pluginid:
	ipa_enrollment_extop
add nsslapd-pluginversion:
	1.0
add nsslapd-pluginvendor:
	RedHat
add nsslapd-plugindescription:
	Enroll hosts into the IPA domain
add nsslapd-plugin-depends-on-type:
	database
add nsslapd-realmTree:
	dc=roth,dc=lan
adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [8/43]: enabling ldapi
  [8/43]: enabling ldapi
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpKsoCNx' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpdhDdDJ'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=replace nsslapd-ldapilisten:
	on
modifying entry "cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [9/43]: configuring uniqueness plugin
  [9/43]: configuring uniqueness plugin
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpuXuZuI' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpA2mgzm'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectClass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	krbPrincipalName uniqueness
add nsslapd-pluginPath:
	libattr-unique-plugin
add nsslapd-pluginInitfunc:
	NSUniqueAttr_Init
add nsslapd-pluginType:
	preoperation
add nsslapd-pluginEnabled:
	on
add uniqueness-attribute-name:
	krbPrincipalName
add nsslapd-plugin-depends-on-type:
	database
add nsslapd-pluginId:
	NSUniqueAttr
add nsslapd-pluginVersion:
	1.1.0
add nsslapd-pluginVendor:
	Fedora Project
add nsslapd-pluginDescription:
	Enforce unique attribute values
add uniqueness-subtrees:
	dc=roth,dc=lan
add uniqueness-exclude-subtrees:
	cn=staged users,cn=accounts,cn=provisioning,dc=roth,dc=lan
add uniqueness-across-all-subtrees:
	on
adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	krbCanonicalName uniqueness
add nsslapd-pluginPath:
	libattr-unique-plugin
add nsslapd-pluginInitfunc:
	NSUniqueAttr_Init
add nsslapd-pluginType:
	preoperation
add nsslapd-pluginEnabled:
	on
add uniqueness-attribute-name:
	krbCanonicalName
add nsslapd-plugin-depends-on-type:
	database
add nsslapd-pluginId:
	NSUniqueAttr
add nsslapd-pluginVersion:
	1.1.0
add nsslapd-pluginVendor:
	Fedora Project
add nsslapd-pluginDescription:
	Enforce unique attribute values
add uniqueness-subtrees:
	dc=roth,dc=lan
add uniqueness-exclude-subtrees:
	cn=staged users,cn=accounts,cn=provisioning,dc=roth,dc=lan
add uniqueness-across-all-subtrees:
	on
adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	netgroup uniqueness
add nsslapd-pluginPath:
	libattr-unique-plugin
add nsslapd-pluginInitfunc:
	NSUniqueAttr_Init
add nsslapd-pluginType:
	preoperation
add nsslapd-pluginEnabled:
	on
add uniqueness-attribute-name:
	cn
add uniqueness-subtrees:
	cn=ng,cn=alt,dc=roth,dc=lan
add nsslapd-plugin-depends-on-type:
	database
add nsslapd-pluginId:
	NSUniqueAttr
add nsslapd-pluginVersion:
	1.1.0
add nsslapd-pluginVendor:
	Fedora Project
add nsslapd-pluginDescription:
	Enforce unique attribute values
adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	ipaUniqueID uniqueness
add nsslapd-pluginPath:
	libattr-unique-plugin
add nsslapd-pluginInitfunc:
	NSUniqueAttr_Init
add nsslapd-pluginType:
	preoperation
add nsslapd-pluginEnabled:
	on
add uniqueness-attribute-name:
	ipaUniqueID
add nsslapd-plugin-depends-on-type:
	database
add nsslapd-pluginId:
	NSUniqueAttr
add nsslapd-pluginVersion:
	1.1.0
add nsslapd-pluginVendor:
	Fedora Project
add nsslapd-pluginDescription:
	Enforce unique attribute values
add uniqueness-subtrees:
	dc=roth,dc=lan
add uniqueness-exclude-subtrees:
	cn=staged users,cn=accounts,cn=provisioning,dc=roth,dc=lan
add uniqueness-across-all-subtrees:
	on
adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	sudorule name uniqueness
add nsslapd-pluginDescription:
	Enforce unique attribute values
add nsslapd-pluginPath:
	libattr-unique-plugin
add nsslapd-pluginInitfunc:
	NSUniqueAttr_Init
add nsslapd-pluginType:
	preoperation
add nsslapd-pluginEnabled:
	on
add uniqueness-attribute-name:
	cn
add uniqueness-subtrees:
	cn=sudorules,cn=sudo,dc=roth,dc=lan
add nsslapd-plugin-depends-on-type:
	database
add nsslapd-pluginId:
	NSUniqueAttr
add nsslapd-pluginVersion:
	1.1.0
add nsslapd-pluginVendor:
	Fedora Project
adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [10/43]: configuring uuid plugin
  [10/43]: configuring uuid plugin
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/uuid-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpvVIf09'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	IPA UUID
add nsslapd-pluginpath:
	libipa_uuid
add nsslapd-plugininitfunc:
	ipauuid_init
add nsslapd-plugintype:
	preoperation
add nsslapd-pluginenabled:
	on
add nsslapd-pluginid:
	ipauuid_version
add nsslapd-pluginversion:
	1.0
add nsslapd-pluginvendor:
	Red Hat, Inc.
add nsslapd-plugindescription:
	IPA UUID plugin
add nsslapd-plugin-depends-on-type:
	database
adding new entry "cn=IPA UUID,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpyrgfiL' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpuAP0El'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	top
	extensibleObject
add cn:
	IPA Unique IDs
add ipaUuidAttr:
	ipaUniqueID
add ipaUuidMagicRegen:
	autogenerate
add ipaUuidFilter:
	(|(objectclass=ipaObject)(objectclass=ipaAssociation))
add ipaUuidScope:
	dc=roth,dc=lan
add ipaUuidEnforce:
	TRUE
adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete

add objectclass:
	top
	extensibleObject
add cn:
	IPK11 Unique IDs
add ipaUuidAttr:
	ipk11UniqueID
add ipaUuidMagicRegen:
	autogenerate
add ipaUuidFilter:
	(objectclass=ipk11Object)
add ipaUuidScope:
	dc=roth,dc=lan
add ipaUuidEnforce:
	FALSE
adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [11/43]: configuring modrdn plugin
  [11/43]: configuring modrdn plugin
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/modrdn-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpX5ZqnO'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	IPA MODRDN
add nsslapd-pluginpath:
	libipa_modrdn
add nsslapd-plugininitfunc:
	ipamodrdn_init
add nsslapd-plugintype:
	betxnpostoperation
add nsslapd-pluginenabled:
	on
add nsslapd-pluginid:
	ipamodrdn_version
add nsslapd-pluginversion:
	1.0
add nsslapd-pluginvendor:
	Red Hat, Inc.
add nsslapd-plugindescription:
	IPA MODRDN plugin
add nsslapd-plugin-depends-on-type:
	database
add nsslapd-pluginPrecedence:
	60
adding new entry "cn=IPA MODRDN,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmp01xZ9m' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp_MoMSW'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	top
	extensibleObject
add cn:
	Kerberos Principal Name
add ipaModRDNsourceAttr:
	uid
add ipaModRDNtargetAttr:
	krbPrincipalName
add ipaModRDNsuffix:
	@ROTH.LAN
add ipaModRDNfilter:
	(&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
add ipaModRDNscope:
	dc=roth,dc=lan
adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [12/43]: configuring DNS plugin
  [12/43]: configuring DNS plugin
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/ipa-dns-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpgUxX1U'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	top
	nsslapdPlugin
	extensibleObject
add cn:
	IPA DNS
add nsslapd-plugindescription:
	IPA DNS support plugin
add nsslapd-pluginenabled:
	on
add nsslapd-pluginid:
	ipa_dns
add nsslapd-plugininitfunc:
	ipadns_init
add nsslapd-pluginpath:
	libipa_dns.so
add nsslapd-plugintype:
	preoperation
add nsslapd-pluginvendor:
	Red Hat, Inc.
add nsslapd-pluginversion:
	1.0
add nsslapd-plugin-depends-on-type:
	database
adding new entry "cn=IPA DNS,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [13/43]: enabling entryUSN plugin
  [13/43]: enabling entryUSN plugin
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/entryusn.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpLTJ62j'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=replace nsslapd-entryusn-global:
	on
modifying entry "cn=config"
modify complete

replace nsslapd-entryusn-import-initval:
	next
modifying entry "cn=config"
modify complete

replace nsslapd-pluginenabled:
	on
modifying entry "cn=USN,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [14/43]: configuring lockout plugin
  [14/43]: configuring lockout plugin
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/lockout-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpfYjXtE'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	IPA Lockout
add nsslapd-pluginpath:
	libipa_lockout
add nsslapd-plugininitfunc:
	ipalockout_init
add nsslapd-plugintype:
	object
add nsslapd-pluginenabled:
	on
add nsslapd-pluginid:
	ipalockout_version
add nsslapd-pluginversion:
	1.0
add nsslapd-pluginvendor:
	Red Hat, Inc.
add nsslapd-plugindescription:
	IPA Lockout plugin
add nsslapd-plugin-depends-on-type:
	database
adding new entry "cn=IPA Lockout,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [15/43]: creating indices
  [15/43]: creating indices
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/indices.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp34o4Wg'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectClass:
	top
	nsIndex
add cn:
	krbPrincipalName
add nsSystemIndex:
	false
add nsIndexType:
	eq
	sub
adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	ou
add nsSystemIndex:
	false
add nsIndexType:
	eq
	sub
adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	carLicense
add nsSystemIndex:
	false
add nsIndexType:
	eq
	sub
adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	title
add nsSystemIndex:
	false
add nsIndexType:
	eq
	sub
adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	manager
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
	sub
adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	secretary
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
	sub
adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	displayname
add nsSystemIndex:
	false
add nsIndexType:
	eq
	sub
adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add nsIndexType:
	sub
modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	uidnumber
add nsSystemIndex:
	false
add nsIndexType:
	eq
add nsMatchingRule:
	integerOrderingMatch
adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	gidnumber
add nsSystemIndex:
	false
add nsIndexType:
	eq
add nsMatchingRule:
	integerOrderingMatch
adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

replace nsIndexType:
	eq
	pres
modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

replace nsIndexType:
	eq
	pres
modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add ObjectClass:
	top
	nsIndex
add cn:
	fqdn
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add ObjectClass:
	top
	nsIndex
add cn:
	macAddress
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
	memberHost
add ObjectClass:
	top
	nsIndex
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
	sub
adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
	memberUser
add ObjectClass:
	top
	nsIndex
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
	sub
adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
	sourcehost
add ObjectClass:
	top
	nsIndex
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
	sub
adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
	memberservice
add ObjectClass:
	top
	nsIndex
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
	sub
adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
	managedby
add ObjectClass:
	top
	nsIndex
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
	sub
adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
	memberallowcmd
add ObjectClass:
	top
	nsIndex
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
	sub
adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
	memberdenycmd
add ObjectClass:
	top
	nsIndex
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
	sub
adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
	ipasudorunas
add ObjectClass:
	top
	nsIndex
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
	sub
adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
	ipasudorunasgroup
add ObjectClass:
	top
	nsIndex
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
	sub
adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
	automountkey
add ObjectClass:
	top
	nsIndex
add nsSystemIndex:
	false
add nsIndexType:
	eq
adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
	ipakrbprincipalalias
add ObjectClass:
	top
	nsIndex
add nsSystemIndex:
	false
add nsIndexType:
	eq
adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
	ipauniqueid
add ObjectClass:
	top
	nsIndex
add nsSystemIndex:
	false
add nsIndexType:
	eq
adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
	ipaMemberCa
add ObjectClass:
	top
	nsIndex
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
	sub
adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
	ipaMemberCertProfile
add ObjectClass:
	top
	nsIndex
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
	sub
adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
	userCertificate
add ObjectClass:
	top
	nsIndex
add nsSystemIndex:
	false
add nsIndexType:
	eq
	pres
adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 1 seconds
ipa         : DEBUG      [16/43]: enabling referential integrity plugin
  [16/43]: enabling referential integrity plugin
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/referint-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpJ20WdM'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=replace nsslapd-pluginenabled:
	on
modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [17/43]: configuring certmap.conf
  [17/43]: configuring certmap.conf
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
ipa         : DEBUG    Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [18/43]: configure autobind for root
  [18/43]: configure autobind for root
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/root-autobind.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpVMe_iO'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectClass:
	extensibleObject
	top
add cn:
	root-autobind
add uidNumber:
	0
add gidNumber:
	0
adding new entry "cn=root-autobind,cn=config"
modify complete

replace nsslapd-ldapiautobind:
	on
modifying entry "cn=config"
modify complete

replace nsslapd-ldapimaptoentries:
	on
modifying entry "cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [19/43]: configure new location for managed entries
  [19/43]: configure new location for managed entries
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpOGLw55' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpnal0k3'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add nsslapd-pluginConfigArea:
	cn=Definitions,cn=Managed Entries,cn=etc,dc=roth,dc=lan
modifying entry "cn=Managed Entries,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [20/43]: configure dirsrv ccache
  [20/43]: configure dirsrv ccache
ipa         : DEBUG    Backing up system configuration file '/etc/sysconfig/dirsrv'
ipa         : DEBUG    Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/sbin/selinuxenabled'
ipa         : DEBUG    Process finished, return code=1
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [21/43]: enable SASL mapping fallback
  [21/43]: enable SASL mapping fallback
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpbDUt23' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpZSrgYZ'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=replace nsslapd-sasl-mapping-fallback:
	on
modifying entry "cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [22/43]: restarting directory server
  [22/43]: restarting directory server
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' '--system' 'daemon-reload'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'restart' 'dirsrv@ROTH-LAN.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-active' 'dirsrv@ROTH-LAN.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=active

ipa         : DEBUG    stderr=
ipa         : DEBUG    wait_for_open_ports: localhost [389] timeout 1200
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-active' 'dirsrv@ROTH-LAN.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=active

ipa         : DEBUG    stderr=
ipa         : DEBUG      duration: 5 seconds
ipa         : DEBUG      [23/43]: adding default layout
  [23/43]: adding default layout
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmp_ccxo4' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpDkQVxq'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectClass:
	top
	nsContainer
add cn:
	accounts
adding new entry "cn=accounts,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	users
adding new entry "cn=users,cn=accounts,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	groups
adding new entry "cn=groups,cn=accounts,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	services
adding new entry "cn=services,cn=accounts,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	computers
adding new entry "cn=computers,cn=accounts,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	hostgroups
adding new entry "cn=hostgroups,cn=accounts,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
add cn:
	alt
adding new entry "cn=alt,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
add cn:
	ng
adding new entry "cn=ng,cn=alt,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
add cn:
	automount
adding new entry "cn=automount,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
add cn:
	default
adding new entry "cn=default,cn=automount,dc=roth,dc=lan"
modify complete

add objectClass:
	automountMap
add automountMapName:
	auto.master
adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=roth,dc=lan"
modify complete

add objectClass:
	automountMap
add automountMapName:
	auto.direct
adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=roth,dc=lan"
modify complete

add objectClass:
	automount
add automountKey:
	/-
add automountInformation:
	auto.direct
add description:
	/- auto.direct
adding new entry "description=/- auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	hbac
adding new entry "cn=hbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	hbacservices
adding new entry "cn=hbacservices,cn=hbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	hbacservicegroups
adding new entry "cn=hbacservicegroups,cn=hbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	sudo
adding new entry "cn=sudo,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	sudocmds
adding new entry "cn=sudocmds,cn=sudo,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	sudocmdgroups
adding new entry "cn=sudocmdgroups,cn=sudo,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	sudorules
adding new entry "cn=sudorules,cn=sudo,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	etc
adding new entry "cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	sysaccounts
adding new entry "cn=sysaccounts,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	ipa
adding new entry "cn=ipa,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	masters
adding new entry "cn=masters,cn=ipa,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	replicas
adding new entry "cn=replicas,cn=ipa,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	dna
adding new entry "cn=dna,cn=ipa,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	posix-ids
adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	ca_renewal
adding new entry "cn=ca_renewal,cn=ipa,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	certificates
adding new entry "cn=certificates,cn=ipa,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	s4u2proxy
adding new entry "cn=s4u2proxy,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	ipaKrb5DelegationACL
	groupOfPrincipals
	top
add cn:
	ipa-http-delegation
add memberPrincipal:
	HTTP/obelix.roth.lan@ROTH.LAN
add ipaAllowedTarget:
	cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=roth,dc=lan
	cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=roth,dc=lan
adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	groupOfPrincipals
	top
add cn:
	ipa-ldap-delegation-targets
add memberPrincipal:
	ldap/obelix.roth.lan@ROTH.LAN
adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	groupOfPrincipals
	top
add cn:
	ipa-cifs-delegation-targets
adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	person
	posixaccount
	krbprincipalaux
	krbticketpolicyaux
	inetuser
	ipaobject
	ipasshuser
add uid:
	admin
add krbPrincipalName:
	admin@ROTH.LAN
add cn:
	Administrator
add sn:
	Administrator
add uidNumber:
	231200000
add gidNumber:
	231200000
add homeDirectory:
	/home/admin
add loginShell:
	/bin/bash
add gecos:
	Administrator
add nsAccountLock:
	FALSE
add ipaUniqueID:
	autogenerate
adding new entry "uid=admin,cn=users,cn=accounts,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	posixgroup
	ipausergroup
	ipaobject
add cn:
	admins
add description:
	Account administrators group
add gidNumber:
	231200000
add member:
	uid=admin,cn=users,cn=accounts,dc=roth,dc=lan
add nsAccountLock:
	FALSE
add ipaUniqueID:
	autogenerate
adding new entry "cn=admins,cn=groups,cn=accounts,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	nestedgroup
	ipausergroup
	ipaobject
add description:
	Default group for all users
add cn:
	ipausers
add ipaUniqueID:
	autogenerate
adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	posixgroup
	ipausergroup
	ipaobject
add gidNumber:
	231200002
add description:
	Limited admins who can edit other users
add cn:
	editors
add ipaUniqueID:
	autogenerate
adding new entry "cn=editors,cn=groups,cn=accounts,dc=roth,dc=lan"
modify complete

add objectclass:
	ipahbacservice
	ipaobject
add cn:
	sshd
add description:
	sshd
add ipauniqueid:
	autogenerate
adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=roth,dc=lan"
modify complete

add objectclass:
	ipahbacservice
	ipaobject
add cn:
	ftp
add description:
	ftp
add ipauniqueid:
	autogenerate
adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=roth,dc=lan"
modify complete

add objectclass:
	ipahbacservice
	ipaobject
add cn:
	su
add description:
	su
add ipauniqueid:
	autogenerate
adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=roth,dc=lan"
modify complete

add objectclass:
	ipahbacservice
	ipaobject
add cn:
	login
add description:
	login
add ipauniqueid:
	autogenerate
adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=roth,dc=lan"
modify complete

add objectclass:
	ipahbacservice
	ipaobject
add cn:
	su-l
add description:
	su with login shell
add ipauniqueid:
	autogenerate
adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=roth,dc=lan"
modify complete

add objectclass:
	ipahbacservice
	ipaobject
add cn:
	sudo
add description:
	sudo
add ipauniqueid:
	autogenerate
adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=roth,dc=lan"
modify complete

add objectclass:
	ipahbacservice
	ipaobject
add cn:
	sudo-i
add description:
	sudo-i
add ipauniqueid:
	autogenerate
adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=roth,dc=lan"
modify complete

add objectclass:
	ipahbacservice
	ipaobject
add cn:
	gdm
add description:
	gdm
add ipauniqueid:
	autogenerate
adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=roth,dc=lan"
modify complete

add objectclass:
	ipahbacservice
	ipaobject
add cn:
	gdm-password
add description:
	gdm-password
add ipauniqueid:
	autogenerate
adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=roth,dc=lan"
modify complete

add objectclass:
	ipahbacservice
	ipaobject
add cn:
	kdm
add description:
	kdm
add ipauniqueid:
	autogenerate
adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=roth,dc=lan"
modify complete

add objectClass:
	ipaobject
	ipahbacservicegroup
	nestedGroup
	groupOfNames
	top
add cn:
	Sudo
add ipauniqueid:
	autogenerate
add description:
	Default group of Sudo related services
add member:
	cn=sudo,cn=hbacservices,cn=hbac,dc=roth,dc=lan
	cn=sudo-i,cn=hbacservices,cn=hbac,dc=roth,dc=lan
adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
	ipaGuiConfig
	ipaConfigObject
add ipaUserSearchFields:
	uid,givenname,sn,telephonenumber,ou,title
add ipaGroupSearchFields:
	cn,description
add ipaSearchTimeLimit:
	2
add ipaSearchRecordsLimit:
	100
add ipaHomesRootDir:
	/home
add ipaDefaultLoginShell:
	/bin/sh
add ipaDefaultPrimaryGroup:
	ipausers
add ipaMaxUsernameLength:
	32
add ipaPwdExpAdvNotify:
	4
add ipaGroupObjectClasses:
	top
	groupofnames
	nestedgroup
	ipausergroup
	ipaobject
add ipaUserObjectClasses:
	top
	person
	organizationalperson
	inetorgperson
	inetuser
	posixaccount
	krbprincipalaux
	krbticketpolicyaux
	ipaobject
	ipasshuser
add ipaDefaultEmailDomain:
	roth.lan
add ipaMigrationEnabled:
	FALSE
add ipaConfigString:
	AllowNThash
add ipaSELinuxUserMapOrder:
	guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
add ipaSELinuxUserMapDefault:
	unconfined_u:s0-s0:c0.c1023
adding new entry "cn=ipaConfig,cn=etc,dc=roth,dc=lan"
modify complete

add objectclass:
	top
	nsContainer
add cn:
	cosTemplates
adding new entry "cn=cosTemplates,cn=accounts,dc=roth,dc=lan"
modify complete

add description:
	Password Policy based on group membership
add objectClass:
	top
	ldapsubentry
	cosSuperDefinition
	cosClassicDefinition
add cosTemplateDn:
	cn=cosTemplates,cn=accounts,dc=roth,dc=lan
add cosAttribute:
	krbPwdPolicyReference override
add cosSpecifier:
	memberOf
adding new entry "cn=Password Policy,cn=accounts,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	selinux
adding new entry "cn=selinux,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	usermap
adding new entry "cn=usermap,cn=selinux,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	ranges
adding new entry "cn=ranges,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	ipaIDrange
	ipaDomainIDRange
add cn:
	ROTH.LAN_id_range
add ipaBaseID:
	231200000
add ipaIDRangeSize:
	200000
add ipaRangeType:
	ipa-local
adding new entry "cn=ROTH.LAN_id_range,cn=ranges,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	ca
adding new entry "cn=ca,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	certprofiles
adding new entry "cn=certprofiles,cn=ca,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	caacls
adding new entry "cn=caacls,cn=ca,dc=roth,dc=lan"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 1 seconds
ipa         : DEBUG      [24/43]: adding delegation layout
  [24/43]: adding delegation layout
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpEicz6z' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpkZQCLa'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectClass:
	top
	nsContainer
add cn:
	roles
adding new entry "cn=roles,cn=accounts,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	pbac
adding new entry "cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	privileges
adding new entry "cn=privileges,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	permissions
adding new entry "cn=permissions,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	nestedgroup
add cn:
	helpdesk
add description:
	Helpdesk
adding new entry "cn=helpdesk,cn=roles,cn=accounts,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	nestedgroup
add cn:
	User Administrators
add description:
	User Administrators
adding new entry "cn=User Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	nestedgroup
add cn:
	Group Administrators
add description:
	Group Administrators
adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	nestedgroup
add cn:
	Host Administrators
add description:
	Host Administrators
adding new entry "cn=Host Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	nestedgroup
add cn:
	Host Group Administrators
add description:
	Host Group Administrators
adding new entry "cn=Host Group Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	nestedgroup
add cn:
	Delegation Administrator
add description:
	Role administration
adding new entry "cn=Delegation Administrator,cn=privileges,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	nestedgroup
add cn:
	Service Administrators
add description:
	Service Administrators
adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	nestedgroup
add cn:
	Automount Administrators
add description:
	Automount Administrators
adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	nestedgroup
add cn:
	Netgroups Administrators
add description:
	Netgroups Administrators
adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	nestedgroup
add cn:
	Certificate Administrators
add description:
	Certificate Administrators
adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	nestedgroup
add cn:
	Replication Administrators
add description:
	Replication Administrators
add member:
	cn=admins,cn=groups,cn=accounts,dc=roth,dc=lan
adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	nestedgroup
add cn:
	Host Enrollment
add description:
	Host Enrollment
adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	nestedgroup
add cn:
	Stage User Administrators
add description:
	Stage User Administrators
adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	nestedgroup
add cn:
	Stage User Provisioning
add description:
	Stage User Provisioning
adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	ipapermission
add cn:
	Add Replication Agreements
add ipapermissiontype:
	SYSTEM
add member:
	cn=Replication Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan
adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	ipapermission
add cn:
	Modify Replication Agreements
add ipapermissiontype:
	SYSTEM
add member:
	cn=Replication Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan
adding new entry "cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	ipapermission
add cn:
	Remove Replication Agreements
add ipapermissiontype:
	SYSTEM
add member:
	cn=Replication Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan
adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	ipapermission
add cn:
	Modify DNA Range
add ipapermissiontype:
	SYSTEM
add member:
	cn=Replication Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan
adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	virtual operations
adding new entry "cn=virtual operations,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	ipapermission
add cn:
	Retrieve Certificates from the CA
add member:
	cn=Certificate Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan
adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=roth,dc=lan"
modify complete

add aci:
	(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=roth,dc=lan" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=roth,dc=lan";)
modifying entry "dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	ipapermission
add cn:
	Request Certificate
add member:
	cn=Certificate Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan
adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=roth,dc=lan"
modify complete

add aci:
	(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=roth,dc=lan" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=roth,dc=lan";)
modifying entry "dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	ipapermission
add cn:
	Request Certificates from a different host
add member:
	cn=Certificate Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan
adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=roth,dc=lan"
modify complete

add aci:
	(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=roth,dc=lan" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=roth,dc=lan";)
modifying entry "dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	ipapermission
add cn:
	Get Certificates status from the CA
add member:
	cn=Certificate Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan
adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=roth,dc=lan"
modify complete

add aci:
	(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=roth,dc=lan" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=roth,dc=lan";)
modifying entry "dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	ipapermission
add cn:
	Revoke Certificate
add member:
	cn=Certificate Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan
adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=roth,dc=lan"
modify complete

add aci:
	(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=roth,dc=lan" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=roth,dc=lan";)
modifying entry "dc=roth,dc=lan"
modify complete

add objectClass:
	top
	groupofnames
	ipapermission
add cn:
	Certificate Remove Hold
add member:
	cn=Certificate Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan
adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=roth,dc=lan"
modify complete

add aci:
	(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=roth,dc=lan" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=roth,dc=lan";)
modifying entry "dc=roth,dc=lan"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [25/43]: creating container for managed entries
  [25/43]: creating container for managed entries
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpsxyOok' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmphI9lIm'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectClass:
	nsContainer
	top
add cn:
	Managed Entries
adding new entry "cn=Managed Entries,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	Templates
adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=roth,dc=lan"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	Definitions
adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=roth,dc=lan"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [26/43]: configuring user private groups
  [26/43]: configuring user private groups
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpMjSDe2' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp4R7gQ0'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	mepTemplateEntry
add cn:
	UPG Template
add mepRDNAttr:
	cn
add mepStaticAttr:
	objectclass: posixgroup
	objectclass: ipaobject
	ipaUniqueId: autogenerate
add mepMappedAttr:
	cn: $uid
	gidNumber: $uidNumber
	description: User private group for $uid
adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=roth,dc=lan"
modify complete

add objectclass:
	extensibleObject
add cn:
	UPG Definition
add originScope:
	cn=users,cn=accounts,dc=roth,dc=lan
add originFilter:
	(&(objectclass=posixAccount)(!(description=__no_upg__)))
add managedBase:
	cn=groups,cn=accounts,dc=roth,dc=lan
add managedTemplate:
	cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=roth,dc=lan
adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=roth,dc=lan"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [27/43]: configuring netgroups from hostgroups
  [27/43]: configuring netgroups from hostgroups
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpELw32p' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpnnTSNw'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	mepTemplateEntry
add cn:
	NGP HGP Template
add mepRDNAttr:
	cn
add mepStaticAttr:
	ipaUniqueId: autogenerate
	objectclass: ipanisnetgroup
	objectclass: ipaobject
	nisDomainName: roth.lan
add mepMappedAttr:
	cn: $cn
	memberHost: $dn
	description: ipaNetgroup $cn
adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=roth,dc=lan"
modify complete

add objectclass:
	extensibleObject
add cn:
	NGP Definition
add originScope:
	cn=hostgroups,cn=accounts,dc=roth,dc=lan
add originFilter:
	objectclass=ipahostgroup
add managedBase:
	cn=ng,cn=alt,dc=roth,dc=lan
add managedTemplate:
	cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=roth,dc=lan
adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=roth,dc=lan"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [28/43]: creating default Sudo bind user
  [28/43]: creating default Sudo bind user
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpTSXbhn' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpgS1_DY'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	account
	simplesecurityobject
add uid:
	sudo
add userPassword:
	XXXXXXXX
add passwordExpirationTime:
	20380119031407Z
add nsIdleTimeout:
	0
adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=roth,dc=lan"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [29/43]: creating default Auto Member layout
  [29/43]: creating default Auto Member layout
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpSjcPpT' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpqRJAa7'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add nsslapd-pluginConfigArea:
	cn=automember,cn=etc,dc=roth,dc=lan
modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	automember
adding new entry "cn=automember,cn=etc,dc=roth,dc=lan"
modify complete

add objectclass:
	autoMemberDefinition
add cn:
	Hostgroup
add autoMemberScope:
	cn=computers,cn=accounts,dc=roth,dc=lan
add autoMemberFilter:
	objectclass=ipaHost
add autoMemberGroupingAttr:
	member:dn
adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=roth,dc=lan"
modify complete

add objectclass:
	autoMemberDefinition
add cn:
	Group
add autoMemberScope:
	cn=users,cn=accounts,dc=roth,dc=lan
add autoMemberFilter:
	objectclass=posixAccount
add autoMemberGroupingAttr:
	member:dn
adding new entry "cn=Group,cn=automember,cn=etc,dc=roth,dc=lan"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [30/43]: adding range check plugin
  [30/43]: adding range check plugin
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpPnp75Q' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmptZHS0y'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	IPA Range-Check
add nsslapd-pluginpath:
	libipa_range_check
add nsslapd-plugininitfunc:
	ipa_range_check_init
add nsslapd-plugintype:
	preoperation
add nsslapd-pluginenabled:
	on
add nsslapd-pluginid:
	ipa_range_check_version
add nsslapd-pluginversion:
	1.0
add nsslapd-pluginvendor:
	Red Hat, Inc.
add nsslapd-plugindescription:
	IPA Range-Check plugin
add nsslapd-plugin-depends-on-type:
	database
add nsslapd-basedn:
	dc=roth,dc=lan
adding new entry "cn=IPA Range-Check,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [31/43]: creating default HBAC rule allow_all
  [31/43]: creating default HBAC rule allow_all
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpv0pqUO' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpHZ6m67'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	ipaassociation
	ipahbacrule
add cn:
	allow_all
add accessruletype:
	allow
add usercategory:
	all
add hostcategory:
	all
add servicecategory:
	all
add ipaenabledflag:
	TRUE
add description:
	Allow all users to access any host from any host
add ipauniqueid:
	autogenerate
adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=roth,dc=lan"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [32/43]: creating default CA ACL rule
  [32/43]: creating default CA ACL rule
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpvt7h08' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpRZPOSx'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	ipaassociation
	ipacaacl
add ipauniqueid:
	autogenerate
add cn:
	hosts_services_caIPAserviceCert
add ipaenabledflag:
	TRUE
add ipamembercertprofile:
	cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=roth,dc=lan
add hostcategory:
	all
add servicecategory:
	all
adding new entry "ipauniqueid=autogenerate,cn=caacls,cn=ca,dc=roth,dc=lan"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [33/43]: adding entries for topology management
  [33/43]: adding entries for topology management
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmp_F7JSI' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp6GjPz0'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	top
	nsContainer
add cn:
	topology
adding new entry "cn=topology,cn=ipa,cn=etc,dc=roth,dc=lan"
modify complete

add objectclass:
	top
	iparepltopoconf
add ipaReplTopoConfRoot:
	dc=roth,dc=lan
add cn:
	realm
adding new entry "cn=realm,cn=topology,cn=ipa,cn=etc,dc=roth,dc=lan"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [34/43]: initializing group membership
  [34/43]: initializing group membership
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpXv7qNg' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp67fnju'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectClass:
	top
	extensibleObject
add cn:
	IPA install
add basedn:
	dc=roth,dc=lan
add filter:
	(objectclass=*)
add ttl:
	10
adding new entry "cn=IPA install 1452256902, cn=memberof task, cn=tasks, cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG    Waiting for memberof task to complete.
ipa.ipapython.ipaldap.SchemaCache: DEBUG    flushing ldap://obelix.roth.lan:389 from SchemaCache
ipa.ipapython.ipaldap.SchemaCache: DEBUG    retrieving schema for SchemaCache url=ldap://obelix.roth.lan:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xb3c3bcd8>
ipa         : DEBUG      duration: 3 seconds
ipa         : DEBUG      [35/43]: adding master entry
  [35/43]: adding master entry
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpUOmJCt' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp0tbChz'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	top
	nsContainer
	ipaReplTopoManagedServer
	ipaConfigObject
	ipaSupportedDomainLevelConfig
add cn:
	obelix.roth.lan
add ipaReplTopoManagedSuffix:
	dc=roth,dc=lan
add ipaMinDomainLevel:
	0
add ipaMaxDomainLevel:
	0
adding new entry "cn=obelix.roth.lan,cn=masters,cn=ipa,cn=etc,dc=roth,dc=lan"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [36/43]: initializing domain level
  [36/43]: initializing domain level
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmp40LGsl' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp0_FPa9'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectClass:
	top
	nsContainer
	ipaDomainLevelConfig
add ipaDomainLevel:
	0
adding new entry "cn=Domain Level,cn=ipa,cn=etc,dc=roth,dc=lan"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [37/43]: configuring Posix uid/gid generation
  [37/43]: configuring Posix uid/gid generation
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpt2Wh3_' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp0JrCca'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	top
	extensibleObject
add cn:
	Posix IDs
add dnaType:
	uidNumber
	gidNumber
add dnaNextValue:
	231200000
add dnaMaxValue:
	231399999
add dnaMagicRegen:
	-1
add dnaFilter:
	(|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject))
add dnaScope:
	dc=roth,dc=lan
add dnaThreshold:
	500
add dnaSharedCfgDN:
	cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=roth,dc=lan
adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [38/43]: adding replication acis
  [38/43]: adding replication acis
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpDIgpeD' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpZdFxtU'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add aci:
	(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan";)
modifying entry "cn="dc=roth,dc=lan",cn=mapping tree,cn=config"
modify complete

add aci:
	(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan";)
modifying entry "cn="dc=roth,dc=lan",cn=mapping tree,cn=config"
modify complete

add aci:
	(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan";)
modifying entry "cn="dc=roth,dc=lan",cn=mapping tree,cn=config"
modify complete

add aci:
	(targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=roth,dc=lan";)
modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"
modify complete

add aci:
	(targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan";)
modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add aci:
	(targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan";)
modifying entry "cn=tasks,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [39/43]: enabling compatibility plugin
  [39/43]: enabling compatibility plugin
ipa         : DEBUG    importing all plugin modules in ipalib.plugins...
ipa         : DEBUG    importing plugin module ipalib.plugins.aci
ipa         : DEBUG    importing plugin module ipalib.plugins.automember
ipa         : DEBUG    importing plugin module ipalib.plugins.automount
ipa         : DEBUG    importing plugin module ipalib.plugins.baseldap
ipa         : DEBUG    importing plugin module ipalib.plugins.baseuser
ipa         : DEBUG    importing plugin module ipalib.plugins.batch
ipa         : DEBUG    importing plugin module ipalib.plugins.caacl
ipa         : DEBUG    importing plugin module ipalib.plugins.cert
ipa         : DEBUG    importing plugin module ipalib.plugins.certprofile
ipa         : DEBUG    importing plugin module ipalib.plugins.config
ipa         : DEBUG    importing plugin module ipalib.plugins.delegation
ipa         : DEBUG    importing plugin module ipalib.plugins.dns
ipa         : DEBUG    importing plugin module ipalib.plugins.domainlevel
ipa         : DEBUG    importing plugin module ipalib.plugins.group
ipa         : DEBUG    importing plugin module ipalib.plugins.hbacrule
ipa         : DEBUG    importing plugin module ipalib.plugins.hbacsvc
ipa         : DEBUG    importing plugin module ipalib.plugins.hbacsvcgroup
ipa         : DEBUG    importing plugin module ipalib.plugins.hbactest
ipa         : DEBUG    importing plugin module ipalib.plugins.host
ipa         : DEBUG    importing plugin module ipalib.plugins.hostgroup
ipa         : DEBUG    importing plugin module ipalib.plugins.idrange
ipa         : DEBUG    importing plugin module ipalib.plugins.idviews
ipa         : DEBUG    importing plugin module ipalib.plugins.internal
ipa         : DEBUG    importing plugin module ipalib.plugins.kerberos
ipa         : DEBUG    importing plugin module ipalib.plugins.krbtpolicy
ipa         : DEBUG    importing plugin module ipalib.plugins.migration
ipa         : DEBUG    importing plugin module ipalib.plugins.misc
ipa         : DEBUG    importing plugin module ipalib.plugins.netgroup
ipa         : DEBUG    importing plugin module ipalib.plugins.otpconfig
ipa         : DEBUG    importing plugin module ipalib.plugins.otptoken
ipa         : DEBUG    importing plugin module ipalib.plugins.otptoken_yubikey
ipa         : DEBUG    importing plugin module ipalib.plugins.passwd
ipa         : DEBUG    importing plugin module ipalib.plugins.permission
ipa         : DEBUG    importing plugin module ipalib.plugins.ping
ipa         : DEBUG    importing plugin module ipalib.plugins.pkinit
ipa         : DEBUG    importing plugin module ipalib.plugins.privilege
ipa         : DEBUG    importing plugin module ipalib.plugins.pwpolicy
ipa         : DEBUG    importing plugin module ipalib.plugins.radiusproxy
ipa         : DEBUG    importing plugin module ipalib.plugins.realmdomains
ipa         : DEBUG    importing plugin module ipalib.plugins.role
ipa         : DEBUG    importing plugin module ipalib.plugins.rpcclient
ipa         : DEBUG    importing plugin module ipalib.plugins.selfservice
ipa         : DEBUG    importing plugin module ipalib.plugins.selinuxusermap
ipa         : DEBUG    importing plugin module ipalib.plugins.server
ipa         : DEBUG    importing plugin module ipalib.plugins.service
ipa         : DEBUG    importing plugin module ipalib.plugins.servicedelegation
ipa         : DEBUG    importing plugin module ipalib.plugins.session
ipa         : DEBUG    importing plugin module ipalib.plugins.stageuser
ipa         : DEBUG    importing plugin module ipalib.plugins.sudocmd
ipa         : DEBUG    importing plugin module ipalib.plugins.sudocmdgroup
ipa         : DEBUG    importing plugin module ipalib.plugins.sudorule
ipa         : DEBUG    importing plugin module ipalib.plugins.topology
ipa         : DEBUG    importing plugin module ipalib.plugins.trust
ipa         : DEBUG    importing plugin module ipalib.plugins.user
ipa         : DEBUG    importing plugin module ipalib.plugins.vault
ipa         : DEBUG    importing plugin module ipalib.plugins.virtual
ipa         : DEBUG    importing all plugin modules in ipaserver.plugins...
ipa         : DEBUG    importing plugin module ipaserver.plugins.dogtag
ipa         : DEBUG    importing plugin module ipaserver.plugins.join
ipa         : DEBUG    importing plugin module ipaserver.plugins.ldap2
ipa         : DEBUG    importing plugin module ipaserver.plugins.rabase
ipa         : DEBUG    importing plugin module ipaserver.plugins.xmlserver
ipa         : DEBUG    importing all plugin modules in ipaserver.install.plugins...
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.adtrust
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.ca_renewal_master
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.dns
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.fix_replica_agreements
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.rename_managed
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.update_idranges
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.update_managed_permissions
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.update_pacs
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.update_passsync
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.update_referint
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.update_services
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.update_uniqueness
ipa         : DEBUG    importing plugin module ipaserver.install.plugins.upload_cacrt
ipa.ipalib.session.SessionAuthManager: DEBUG    SessionAuthManager.register: name=jsonserver_session_3014367152
ipa.ipalib.session.SessionAuthManager: DEBUG    SessionAuthManager.register: name=xmlserver_session_3014367760
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml'
ipa.ipaserver.rpcserver.xmlserver_session: DEBUG    session_auth_duration: 0:20:00
ipa.ipaserver.rpcserver.xmlserver_session: DEBUG    session_auth_duration: 0:20:00
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.sync_token() at '/session/sync_token'
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.login_password() at '/session/login_password'
ipa.ipaserver.rpcserver.login_password: DEBUG    session_auth_duration: 0:20:00
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json'
ipa.ipaserver.rpcserver.jsonserver_kerb: DEBUG    session_auth_duration: 0:20:00
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.xmlserver() at '/xml'
ipa.ipaserver.rpcserver.xmlserver: DEBUG    session_auth_duration: 0:20:00
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json'
ipa.ipaserver.rpcserver.jsonserver_session: DEBUG    session_auth_duration: 0:20:00
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.change_password() at '/session/change_password'
ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG    Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos'
ipa.ipaserver.rpcserver.login_kerberos: DEBUG    session_auth_duration: 0:20:00
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    Created connection context.ldap2_3014366960
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    Destroyed connection context.ldap2_3014366960
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    Created connection context.ldap2_3014366960
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Parsing update file '/usr/share/ipa/schema_compat.uldif'
ipa.ipapython.ipaldap.SchemaCache: DEBUG    flushing ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket from SchemaCache
ipa.ipapython.ipaldap.SchemaCache: DEBUG    retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xb36e9620>
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    New entry: cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    ---------------------------------------------
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Initial value
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    dn: cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-pluginid:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	schema-compat-plugin
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    cn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	Schema Compatibility
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-pluginbetxn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	on
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    objectclass:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	top
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	nsSlapdPlugin
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	extensibleObject
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-plugindescription:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	Schema Compatibility Plugin
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-pluginenabled:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	on
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-pluginpath:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	/usr/lib/dirsrv/plugins/schemacompat-plugin.so
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-pluginversion:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	0.8
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-pluginvendor:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	redhat.com
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-pluginprecedence:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	49
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-plugintype:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	object
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-plugininitfunc:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	schema_compat_plugin_init
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    ---------------------------------------------
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Final value after applying updates
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    dn: cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-pluginid:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	schema-compat-plugin
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    cn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	Schema Compatibility
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-pluginbetxn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	on
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    objectclass:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	top
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	nsSlapdPlugin
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	extensibleObject
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-plugindescription:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	Schema Compatibility Plugin
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-pluginenabled:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	on
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-pluginpath:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	/usr/lib/dirsrv/plugins/schemacompat-plugin.so
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-pluginversion:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	0.8
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-pluginvendor:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	redhat.com
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-pluginprecedence:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	49
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-plugintype:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	object
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    nsslapd-plugininitfunc:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	schema_compat_plugin_init
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    New entry: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    ---------------------------------------------
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Initial value
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-attribute:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=%{cn}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	objectclass=posixAccount
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:roth.lan:%{ipauniqueid}","")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	gidNumber=%{gidNumber}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	gecos=%{cn}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	ipaanchoruuid=%{ipaanchoruuid}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	uidNumber=%{uidNumber}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	loginShell=%{loginShell}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	homeDirectory=%{homeDirectory}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    cn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	users
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    objectClass:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	top
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	extensibleObject
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-filter:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	objectclass=posixAccount
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-container-rdn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=users
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-rdn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	uid=%{uid}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-base:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=users, cn=accounts, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-container-group:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=compat, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    ---------------------------------------------
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Final value after applying updates
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-attribute:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=%{cn}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	objectclass=posixAccount
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:roth.lan:%{ipauniqueid}","")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	gidNumber=%{gidNumber}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	gecos=%{cn}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	ipaanchoruuid=%{ipaanchoruuid}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	uidNumber=%{uidNumber}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	loginShell=%{loginShell}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	homeDirectory=%{homeDirectory}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    cn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	users
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    objectClass:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	top
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	extensibleObject
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-filter:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	objectclass=posixAccount
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-container-rdn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=users
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-rdn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	uid=%{uid}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-base:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=users, cn=accounts, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-container-group:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=compat, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    New entry: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    ---------------------------------------------
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Initial value
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-attribute:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:roth.lan:%{ipauniqueid}","")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	gidNumber=%{gidNumber}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	memberUid=%deref_r("member","uid")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	objectclass=posixGroup
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	memberUid=%{memberUid}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	ipaanchoruuid=%{ipaanchoruuid}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    cn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	groups
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    objectClass:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	top
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	extensibleObject
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-filter:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	objectclass=posixGroup
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-container-rdn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=groups
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-rdn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=%{cn}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-base:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=groups, cn=accounts, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-container-group:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=compat, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    ---------------------------------------------
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Final value after applying updates
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-attribute:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:roth.lan:%{ipauniqueid}","")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	gidNumber=%{gidNumber}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	memberUid=%deref_r("member","uid")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	objectclass=posixGroup
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	memberUid=%{memberUid}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	ipaanchoruuid=%{ipaanchoruuid}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    cn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	groups
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    objectClass:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	top
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	extensibleObject
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-filter:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	objectclass=posixGroup
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-container-rdn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=groups
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-rdn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=%{cn}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-base:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=groups, cn=accounts, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-container-group:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=compat, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    New entry: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    ---------------------------------------------
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Initial value
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'top' to objectClass, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['top']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'extensibleObject' to objectClass, current value ['top']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['top', 'extensibleObject']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'ng' to cn, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['ng']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'cn=compat, dc=roth,dc=lan' to schema-compat-container-group, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['cn=compat, dc=roth,dc=lan']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'cn=ng' to schema-compat-container-rdn, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['cn=ng']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'yes' to schema-compat-check-access, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['yes']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'cn=ng, cn=alt, dc=roth,dc=lan' to schema-compat-search-base, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['cn=ng, cn=alt, dc=roth,dc=lan']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: '(objectclass=ipaNisNetgroup)' to schema-compat-search-filter, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['(objectclass=ipaNisNetgroup)']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'cn=%{cn}' to schema-compat-entry-rdn, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['cn=%{cn}']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'objectclass=nisNetgroup' to schema-compat-entry-attribute, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['objectclass=nisNetgroup']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'memberNisNetgroup=%deref_r("member","cn")' to schema-compat-entry-attribute, current value ['objectclass=nisNetgroup']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['objectclass=nisNetgroup', 'memberNisNetgroup=%deref_r("member","cn")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})' to schema-compat-entry-attribute, current value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup', 'nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","-",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","-"),%{nisDomainName:-})']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    ---------------------------------------------
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Final value after applying updates
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-attribute:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	memberNisNetgroup=%deref_r("member","cn")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	objectclass=nisNetgroup
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-check-access:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	yes
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    cn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	ng
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    objectClass:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	top
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	extensibleObject
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-filter:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	(objectclass=ipaNisNetgroup)
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-container-rdn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=ng
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-rdn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=%{cn}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-base:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=ng, cn=alt, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-container-group:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=compat, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    New entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    ---------------------------------------------
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Initial value
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'top' to objectClass, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['top']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'extensibleObject' to objectClass, current value ['top']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['top', 'extensibleObject']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoers' to cn, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoers']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'ou=SUDOers, dc=roth,dc=lan' to schema-compat-container-group, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['ou=SUDOers, dc=roth,dc=lan']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'cn=sudorules, cn=sudo, dc=roth,dc=lan' to schema-compat-search-base, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['cn=sudorules, cn=sudo, dc=roth,dc=lan']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: '(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))' to schema-compat-search-filter, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: '%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")' to schema-compat-entry-rdn, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'objectclass=sudoRole' to schema-compat-entry-attribute, current value []
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['objectclass=sudoRole']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 
'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 
'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 
'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 
'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 
'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 
'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 
'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 
'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: 'sudoOption=%{ipaSudoOpt}' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 
'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 
'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    ---------------------------------------------
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Final value after applying updates
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-attribute:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	objectclass=sudoRole
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoOption=%{ipaSudoOpt}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoCommand=!%deref("memberDenyCmd","sudoCmd")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    cn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	sudoers
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    objectClass:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	top
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	extensibleObject
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-filter:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-rdn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-base:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=sudorules, cn=sudo, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-container-group:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	ou=SUDOers, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    New entry: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    ---------------------------------------------
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Initial value
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-attribute:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	objectclass=device
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=%{fqdn}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	macAddress=%{macAddress}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	objectclass=ieee802Device
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    cn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	computers
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    objectClass:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	top
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	extensibleObject
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-filter:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	(&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-container-rdn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=computers
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-rdn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=%first("%{fqdn}")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-base:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=computers, cn=accounts, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-container-group:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=compat, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    ---------------------------------------------
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Final value after applying updates
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-attribute:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	objectclass=device
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=%{fqdn}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	macAddress=%{macAddress}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	objectclass=ieee802Device
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    cn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	computers
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    objectClass:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	top
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	extensibleObject
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-filter:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	(&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-container-rdn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=computers
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-entry-rdn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=%first("%{fqdn}")
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-search-base:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=computers, cn=accounts, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    schema-compat-container-group:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	cn=compat, dc=roth,dc=lan
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Updating existing entry: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    ---------------------------------------------
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Initial value
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    objectClass:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	top
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	directoryServerFeature
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    aci:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    oid:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	2.16.840.1.113730.3.4.9
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    cn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	VLV Request Control
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    only: set aci to '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )', current value ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    only: updated value ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )']
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    ---------------------------------------------
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Final value after applying updates
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    objectClass:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	top
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	directoryServerFeature
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    aci:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    oid:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	2.16.840.1.113730.3.4.9
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    cn:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    	VLV Request Control
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    [(0, u'aci', ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )']), (1, u'aci', ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)'])]
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Updated 1
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG    Done
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    Destroyed connection context.ldap2_3014366960
ipa         : DEBUG      duration: 13 seconds
ipa         : DEBUG      [40/43]: activating sidgen plugin
  [40/43]: activating sidgen plugin
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpD6qUgN' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpWQITIl'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	IPA SIDGEN
add nsslapd-pluginpath:
	libipa_sidgen
add nsslapd-plugininitfunc:
	ipa_sidgen_init
add nsslapd-plugintype:
	postoperation
add nsslapd-pluginenabled:
	on
add nsslapd-pluginid:
	ipa_sidgen_postop
add nsslapd-pluginversion:
	1.0
add nsslapd-pluginvendor:
	Red Hat, Inc.
add nsslapd-plugindescription:
	IPA SIDGEN post operation
add nsslapd-plugin-depends-on-type:
	database
add nsslapd-basedn:
	dc=roth,dc=lan
adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [41/43]: activating extdom plugin
  [41/43]: activating extdom plugin
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpHk9AP8' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpAXLq4i'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=add objectclass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	ipa_extdom_extop
add nsslapd-pluginpath:
	libipa_extdom_extop
add nsslapd-plugininitfunc:
	ipa_extdom_init
add nsslapd-plugintype:
	extendedop
add nsslapd-pluginenabled:
	on
add nsslapd-pluginid:
	ipa_extdom_extop
add nsslapd-pluginversion:
	1.0
add nsslapd-pluginvendor:
	RedHat
add nsslapd-plugindescription:
	Support resolving IDs in trusted domains to names and back
add nsslapd-plugin-depends-on-type:
	database
add nsslapd-basedn:
	dc=roth,dc=lan
adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [42/43]: tuning directory server
  [42/43]: tuning directory server
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/sbin/selinuxenabled'
ipa         : DEBUG    Process finished, return code=1
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' '--system' 'daemon-reload'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' '--system' 'daemon-reload'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'restart' 'dirsrv@ROTH-LAN.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-active' 'dirsrv@ROTH-LAN.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=active

ipa         : DEBUG    stderr=
ipa         : DEBUG    wait_for_open_ports: localhost [389] timeout 1200
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-active' 'dirsrv@ROTH-LAN.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=active

ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmp7IszmS' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpUoUv86'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=replace nsslapd-maxdescriptors:
	8192
replace nsslapd-reservedescriptors:
	64
modifying entry "cn=config"
modify complete


ipa         : DEBUG    stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base )

ipa         : DEBUG      duration: 6 seconds
ipa         : DEBUG      [43/43]: configuring directory to start on boot
  [43/43]: configuring directory to start on boot
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-enabled' 'dirsrv@ROTH-LAN.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=enabled

ipa         : DEBUG    stderr=
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'disable' 'dirsrv@ROTH-LAN.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=Removed symlink /etc/systemd/system/dirsrv.target.wants/dirsrv@ROTH-LAN.service.

ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG    Done configuring directory server (dirsrv).
Done configuring directory server (dirsrv).
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds
ipa         : DEBUG      [1/25]: creating certificate server user
  [1/25]: creating certificate server user
ipa.ipaplatform.base.tasks: DEBUG    group pkiuser exists
ipa.ipaplatform.base.tasks: DEBUG    user pkiuser exists
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [2/25]: configuring certificate server instance
  [2/25]: configuring certificate server instance
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
ipa.ipaserver.install.cainstance.CAInstance: DEBUG    Contents of pkispawn configuration file (/tmp/tmpL1bltg):
[CA]
pki_security_domain_name = IPA
pki_enable_proxy = True
pki_restart_configured_instance = False
pki_backup_keys = True
pki_backup_password = XXXXXXXX
pki_profiles_in_ldap = True
pki_client_database_dir = /tmp/tmp-Marzji
pki_client_database_password = XXXXXXXX
pki_client_database_purge = False
pki_client_pkcs12_password = XXXXXXXX
pki_admin_name = admin
pki_admin_uid = admin
pki_admin_email = root@localhost
pki_admin_password = XXXXXXXX
pki_admin_nickname = ipa-ca-agent
pki_admin_subject_dn = cn=ipa-ca-agent,O=ROTH.LAN
pki_client_admin_cert_p12 = /root/ca-agent.p12
pki_ds_ldap_port = 389
pki_ds_password = XXXXXXXX
pki_ds_base_dn = o=ipaca
pki_ds_database = ipaca
pki_subsystem_subject_dn = cn=CA Subsystem,O=ROTH.LAN
pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=ROTH.LAN
pki_ssl_server_subject_dn = cn=obelix.roth.lan,O=ROTH.LAN
pki_audit_signing_subject_dn = cn=CA Audit,O=ROTH.LAN
pki_ca_signing_subject_dn = cn=Certificate Authority,O=ROTH.LAN
pki_subsystem_nickname = subsystemCert cert-pki-ca
pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca
pki_ssl_server_nickname = Server-Cert cert-pki-ca
pki_audit_signing_nickname = auditSigningCert cert-pki-ca
pki_ca_signing_nickname = caSigningCert cert-pki-ca
pki_ca_signing_key_algorithm = SHA256withRSA


ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpL1bltg'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=Log file: /var/log/pki/pki-ca-spawn.20160108204231.log
Loading deployment configuration from /tmp/tmpL1bltg.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.

    ==========================================================================
                                INSTALLATION SUMMARY
    ==========================================================================

      Administrator's username:             admin
      Administrator's PKCS #12 file:
            /root/ca-agent.p12

      Administrator's certificate nickname:
            ipa-ca-agent
      Administrator's certificate database:
            /tmp/tmp-Marzji

      To check the status of the subsystem:
            systemctl status pki-tomcatd@pki-tomcat.service

      To restart the subsystem:
            systemctl restart pki-tomcatd@pki-tomcat.service

      The URL for the subsystem is:
            https://obelix.roth.lan:8443/ca

      PKI instances will be enabled upon system boot

    ==========================================================================


ipa         : DEBUG    stderr=Notice: Trust flag u is set automatically if the private key is present.
Created symlink from /etc/systemd/system/multi-user.target.wants/pki-tomcatd.target to /usr/lib/systemd/system/pki-tomcatd.target.

ipa.ipaserver.install.cainstance.CAInstance: DEBUG    completed creating ca instance
ipa         : DEBUG      duration: 1011 seconds
ipa         : DEBUG      [3/25]: stopping certificate server instance to update CS.cfg
  [3/25]: stopping certificate server instance to update CS.cfg
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'stop' 'pki-tomcatd@pki-tomcat.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG      duration: 4 seconds
ipa         : DEBUG      [4/25]: backing up CS.cfg
  [4/25]: backing up CS.cfg
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-active' 'pki-tomcatd@pki-tomcat.service'
ipa         : DEBUG    Process finished, return code=3
ipa         : DEBUG    stdout=inactive

ipa         : DEBUG    stderr=
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [5/25]: disabling nonces
  [5/25]: disabling nonces
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [6/25]: set up CRL publishing
  [6/25]: set up CRL publishing
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/sbin/selinuxenabled'
ipa         : DEBUG    Process finished, return code=1
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [7/25]: enable PKIX certificate path discovery and validation
  [7/25]: enable PKIX certificate path discovery and validation
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [8/25]: starting certificate server instance
  [8/25]: starting certificate server instance
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'start' 'pki-tomcatd@pki-tomcat.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-active' 'pki-tomcatd@pki-tomcat.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=active

ipa         : DEBUG    stderr=
ipa         : DEBUG    wait_for_open_ports: localhost [8080, 8443] timeout 1200
ipa         : DEBUG    Waiting until the CA is running
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 20:59:48--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:00:19--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:00:50--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:01:21--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:01:52--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:02:23--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:02:54--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:03:26--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:03:57--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:04:28--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:04:59--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:05:30--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:06:01--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:06:32--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.2.6-13.fc23</Version></XMLResponse>
ipa         : DEBUG    stderr=--2016-01-08 21:07:04--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
WARNUNG: Das Zertifikat von »obelix.roth.lan« kann nicht geprüft werden, ausgestellt von »»CN=Certificate Authority,O=ROTH.LAN««:.
  Ein selbst-signiertes Zertifikat wurde gefunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 
  HTTP/1.1 200 OK
  Server: Apache-Coyote/1.1
  Content-Type: application/xml
  Content-Length: 169
  Date: Fri, 08 Jan 2016 13:07:16 GMT
Länge: 169 [application/xml]
Wird in »»STDOUT«« gespeichert.

     0K                                                       100% 9,14M=0s

2016-01-08 21:07:16 (9,14 MB/s) - auf die Standardausgabe geschrieben [169/169]


ipa         : DEBUG    The CA status is: running
ipa         : DEBUG      duration: 469 seconds
ipa         : DEBUG      [9/25]: creating RA agent certificate database
  [9/25]: creating RA agent certificate database
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-f' XXXXXXXX '-N'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [10/25]: importing CA chain to RA certificate database
  [10/25]: importing CA chain to RA certificate database
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/openssl' 'pkcs7' '-inform' 'DER' '-print_certs'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=subject=/O=ROTH.LAN/CN=Certificate Authority
issuer=/O=ROTH.LAN/CN=Certificate Authority


ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-f' XXXXXXXX '-A' '-t' 'CT,C,C' '-n' 'ROTH.LAN IPA CA' '-a' '-i' '/tmp/tmpt9wS4r'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [11/25]: fixing RA database permissions
  [11/25]: fixing RA database permissions
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [12/25]: setting up signing cert profile
  [12/25]: setting up signing cert profile
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [13/25]: setting audit signing renewal to 2 years
  [13/25]: setting audit signing renewal to 2 years
ipa.ipaserver.install.cainstance.CAInstance: DEBUG    caSignedLogCert.cfg profile validity range is 720
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [14/25]: restarting certificate server
  [14/25]: restarting certificate server
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'restart' 'pki-tomcatd@pki-tomcat.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-active' 'pki-tomcatd@pki-tomcat.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=active

ipa         : DEBUG    stderr=
ipa         : DEBUG    wait_for_open_ports: localhost [8080, 8443] timeout 1200
ipa         : DEBUG    Waiting until the CA is running
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:07:42--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:08:14--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:08:45--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:09:16--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:09:47--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:10:18--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:10:49--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:11:20--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:11:52--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:12:23--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:12:54--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:13:25--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:13:56--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:14:27--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.2.6-13.fc23</Version></XMLResponse>
ipa         : DEBUG    stderr=--2016-01-08 21:14:58--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
WARNUNG: Das Zertifikat von »obelix.roth.lan« kann nicht geprüft werden, ausgestellt von »»CN=Certificate Authority,O=ROTH.LAN««:.
  Ein selbst-signiertes Zertifikat wurde gefunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 
  HTTP/1.1 200 OK
  Server: Apache-Coyote/1.1
  Content-Type: application/xml
  Content-Length: 169
  Date: Fri, 08 Jan 2016 13:15:09 GMT
Länge: 169 [application/xml]
Wird in »»STDOUT«« gespeichert.

     0K                                                       100% 9,17M=0s

2016-01-08 21:15:09 (9,17 MB/s) - auf die Standardausgabe geschrieben [169/169]


ipa         : DEBUG    The CA status is: running
ipa         : DEBUG      duration: 471 seconds
ipa         : DEBUG      [15/25]: requesting RA certificate from CA
  [15/25]: requesting RA certificate from CA
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-f' XXXXXXXX '-R' '-k' 'rsa' '-g' '2048' '-s' 'CN=IPA RA,O=ROTH.LAN' '-z' '/tmp/tmprqNm5r' '-a'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
Certificate request generated by Netscape certutil
Phone: (not specified)

Common Name: IPA RA
Email: (not specified)
Organization: ROTH.LAN
State: (not specified)
Country: (not specified)


ipa         : DEBUG    stderr=

Generating key.  This may take a few moments...


ipa         : DEBUG      duration: 15 seconds
ipa         : DEBUG      [16/25]: issuing RA agent certificate
  [16/25]: issuing RA agent certificate
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/sslget' '-v' '-n' 'ipa-ca-agent' '-p' XXXXXXXX '-d' '/tmp/tmp-Marzji' '-r' '/ca/agent/ca/profileReview?requestId=7' 'obelix.roth.lan:8443'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 08 Jan 2016 13:15:25 GMT
Connection: close

<!-- --- BEGIN COPYRIGHT BLOCK ---
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
     the Free Software Foundation; version 2 of the License.

     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.

     You should have received a copy of the GNU General Public License along
     with this program; if not, write to the Free Software Foundation, Inc.,
     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

     Copyright (C) 2007 Red Hat, Inc.
     All rights reserved.
     --- END COPYRIGHT BLOCK --- -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<script type="text/javascript">
requestNotes="";
requestType="enrollment";
recordSet = new Array;
record = new Object;
record.conDesc="This constraint accepts the subject name that matches .*CN=.*";
record.policyId="1";
record.defListSet = new Array;
defList = new Object;
defList.defId="name";
defList.defConstraint="null";
defList.defName="Subject Name";
defList.defSyntax="string";
defList.defVal="CN=IPA RA,O=ROTH.LAN";
record.defListSet[0] = defList;
record.defDesc="This default populates a User-Supplied Certificate Subject Name to the request.";
recordSet[0] = record;
record = new Object;
record.conDesc="This constraint rejects the validity that is not between 720 days.";
record.policyId="2";
record.defListSet = new Array;
defList = new Object;
defList.defId="notBefore";
defList.defConstraint="null";
defList.defName="Not Before";
defList.defSyntax="string";
defList.defVal="2016-01-08 21:15:23";
record.defListSet[0] = defList;
defList = new Object;
defList.defId="notAfter";
defList.defConstraint="null";
defList.defName="Not After";
defList.defSyntax="string";
defList.defVal="2017-12-28 21:15:23";
record.defListSet[1] = defList;
record.defDesc="This default populates a Certificate Validity to the request. The default values are Range=720 in days";
recordSet[1] = record;
record = new Object;
record.conDesc="This constraint accepts the key only if Key Type=-, Key Parameters =1024,2048,3072,4096,nistp256,nistp384,nistp521";
record.policyId="3";
record.defListSet = new Array;
defList = new Object;
defList.defId="TYPE";
defList.defConstraint="readonly";
defList.defName="Key Type";
defList.defSyntax="string";
defList.defVal="RSA - 1.2.840.113549.1.1.1";
record.defListSet[0] = defList;
defList = new Object;
defList.defId="LEN";
defList.defConstraint="readonly";
defList.defName="Key Length";
defList.defSyntax="string";
defList.defVal="2048";
record.defListSet[1] = defList;
defList = new Object;
defList.defId="KEY";
defList.defConstraint="readonly";
defList.defName="Key";
defList.defSyntax="string";
defList.defVal="30:82:01:0A:02:82:01:01:00:CB:9D:E1:F6:F7:6E:4B:\n22:AB:9D:B8:86:35:18:95:CF:8A:94:B0:2F:D9:A5:80:\n95:46:1E:3D:36:E0:91:CD:7F:8D:F6:C3:7A:4B:7E:FC:\n37:93:D3:F0:84:85:08:C0:0C:90:49:CD:B4:1E:11:47:\nD7:46:74:41:38:7E:80:F3:E9:A0:24:85:BD:CC:3B:DD:\nD1:5F:9B:36:C3:6C:48:C6:4F:C1:04:4A:38:55:70:42:\nE3:EB:6B:7D:E1:0F:4E:BB:EC:61:90:70:DC:A1:1C:97:\n15:98:89:07:47:FF:F3:8B:3C:11:50:B0:02:F1:86:AE:\n34:16:AC:52:4F:1F:01:D8:60:DD:E5:D4:5A:AE:24:B1:\n9D:2E:CB:D6:8C:3D:78:BA:E1:87:53:C5:D3:0D:53:D6:\n65:3A:84:F9:A9:19:DC:CB:0F:99:7D:41:7A:88:C2:C8:\n95:1A:99:AA:7E:B7:10:05:69:9B:88:37:D0:3D:B1:60:\n7E:3A:13:C6:5C:D4:D1:F4:A3:60:0D:09:19:4F:3F:67:\nD4:93:CE:BE:F9:16:24:1C:2D:B8:92:11:CC:8F:C8:97:\n2A:53:D4:59:F8:8F:F8:79:F8:0F:D2:95:D9:00:0B:F2:\nCA:DB:7B:30:1E:3B:D7:8E:EB:33:2E:F7:B0:BC:07:70:\n1F:87:E0:A9:9B:30:CD:B3:E3:02:03:01:00:01\n";
record.defListSet[2] = defList;
record.defDesc="This default populates a User-Supplied Certificate Key to the request.";
recordSet[2] = record;
record = new Object;
record.conDesc="No Constraint";
record.policyId="4";
record.defListSet = new Array;
defList = new Object;
defList.defId="critical";
defList.defConstraint="readonly";
defList.defName="Criticality";
defList.defSyntax="string";
defList.defVal="false";
record.defListSet[0] = defList;
defList = new Object;
defList.defId="keyid";
defList.defConstraint="readonly";
defList.defName="Key ID";
defList.defSyntax="string";
defList.defVal="F6:6D:A6:DF:22:82:6F:EF:8A:87:34:D9:81:24:3F:D9:\nB4:7D:D5:6C\n";
record.defListSet[1] = defList;
record.defDesc="This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.";
recordSet[3] = record;
record = new Object;
record.conDesc="No Constraint";
record.policyId="5";
record.defListSet = new Array;
defList = new Object;
defList.defId="authInfoAccessCritical";
defList.defConstraint="null";
defList.defName="Criticality";
defList.defSyntax="boolean";
defList.defVal="false";
record.defListSet[0] = defList;
defList = new Object;
defList.defId="authInfoAccessGeneralNames";
defList.defConstraint="null";
defList.defName="General Names";
defList.defSyntax="string_list";
defList.defVal="Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://obelix.roth.lan:80/ca/ocsp\r\nEnable:true\r\n\r\n";
record.defListSet[1] = defList;
record.defDesc="This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}";
recordSet[4] = record;
record = new Object;
record.conDesc="This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false";
record.policyId="6";
record.defListSet = new Array;
defList = new Object;
defList.defId="keyUsageCritical";
defList.defConstraint="null";
defList.defName="Criticality";
defList.defSyntax="boolean";
defList.defVal="true";
record.defListSet[0] = defList;
defList = new Object;
defList.defId="keyUsageDigitalSignature";
defList.defConstraint="null";
defList.defName="Digital Signature";
defList.defSyntax="boolean";
defList.defVal="true";
record.defListSet[1] = defList;
defList = new Object;
defList.defId="keyUsageNonRepudiation";
defList.defConstraint="null";
defList.defName="Non-Repudiation";
defList.defSyntax="boolean";
defList.defVal="true";
record.defListSet[2] = defList;
defList = new Object;
defList.defId="keyUsageKeyEncipherment";
defList.defConstraint="null";
defList.defName="Key Encipherment";
defList.defSyntax="boolean";
defList.defVal="true";
record.defListSet[3] = defList;
defList = new Object;
defList.defId="keyUsageDataEncipherment";
defList.defConstraint="null";
defList.defName="Data Encipherment";
defList.defSyntax="boolean";
defList.defVal="true";
record.defListSet[4] = defList;
defList = new Object;
defList.defId="keyUsageKeyAgreement";
defList.defConstraint="null";
defList.defName="Key Agreement";
defList.defSyntax="boolean";
defList.defVal="false";
record.defListSet[5] = defList;
defList = new Object;
defList.defId="keyUsageKeyCertSign";
defList.defConstraint="null";
defList.defName="Key CertSign";
defList.defSyntax="boolean";
defList.defVal="false";
record.defListSet[6] = defList;
defList = new Object;
defList.defId="keyUsageCrlSign";
defList.defConstraint="null";
defList.defName="CRL Sign";
defList.defSyntax="boolean";
defList.defVal="false";
record.defListSet[7] = defList;
defList = new Object;
defList.defId="keyUsageEncipherOnly";
defList.defConstraint="null";
defList.defName="Encipher Only";
defList.defSyntax="boolean";
defList.defVal="false";
record.defListSet[8] = defList;
defList = new Object;
defList.defId="keyUsageDecipherOnly";
defList.defConstraint="null";
defList.defName="Decipher Only";
defList.defSyntax="boolean";
defList.defVal="false";
record.defListSet[9] = defList;
record.defDesc="This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false";
recordSet[5] = record;
record = new Object;
record.conDesc="No Constraint";
record.policyId="7";
record.defListSet = new Array;
defList = new Object;
defList.defId="exKeyUsageCritical";
defList.defConstraint="null";
defList.defName="Criticality";
defList.defSyntax="boolean";
defList.defVal="false";
record.defListSet[0] = defList;
defList = new Object;
defList.defId="exKeyUsageOIDs";
defList.defConstraint="null";
defList.defName="Comma-Separated list of Object Identifiers";
defList.defSyntax="string_list";
defList.defVal="1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2";
record.defListSet[1] = defList;
record.defDesc="This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2";
recordSet[6] = record;
record = new Object;
record.conDesc="This constraint accepts only the Signing Algorithms of SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC";
record.policyId="8";
record.defListSet = new Array;
defList = new Object;
defList.defId="signingAlg";
defList.defConstraint="SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA";
defList.defName="Signing Algorithm";
defList.defSyntax="choice";
defList.defVal="SHA256withRSA";
record.defListSet[0] = defList;
record.defDesc="This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA";
recordSet[7] = record;
profileDesc="This certificate profile is for enrolling server certificates.";
inputListSet = new Array;
inputList = new Object;
inputList.inputId="cert_request_type";
inputList.inputName="Certificate Request Type";
inputList.inputVal="pkcs10";
inputList.inputSyntax="cert_request_type";
inputList.inputConstraint="null";
inputListSet[0] = inputList;
inputList = new Object;
inputList.inputId="cert_request";
inputList.inputName="Certificate Request";
inputList.inputVal="MIICaTCCAVECAQAwJDERMA8GA1UEChMIUk9USC5MQU4xDzANBgNVBAMTBklQQSBS\r\nQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMud4fb3bksiq524hjUY\r\nlc+KlLAv2aWAlUYePTbgkc1/jfbDekt+/DeT0/CEhQjADJBJzbQeEUfXRnRBOH6A\r\n8+mgJIW9zDvd0V+bNsNsSMZPwQRKOFVwQuPra33hD0677GGQcNyhHJcVmIkHR//z\r\nizwRULAC8YauNBasUk8fAdhg3eXUWq4ksZ0uy9aMPXi64YdTxdMNU9ZlOoT5qRnc\r\nyw+ZfUF6iMLIlRqZqn63EAVpm4g30D2xYH46E8Zc1NH0o2ANCRlPP2fUk86++RYk\r\nHC24khHMj8iXKlPUWfiP+Hn4D9KV2QAL8srbezAeO9eO6zMu97C8B3Afh+CpmzDN\r\ns+MCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCYecmO0rSXoYA/lus9WNkd9zti\r\nOtJm6oN/ciF2qWbRs+dFUW8meATjoS1EeXd2+nFQZQsJtlAnmXW8jotesLS1UZd9\r\nHpNwKQV6d05lrXh9RZ8fXxaxetfE/+sB7Y17vPjwho7VdLQAT9vl0PICo+1UFy4p\r\nzYtQSdDMiDyuGXUgOkUkccCYJ3LASOBmh0WZ1kPF9RFRkAQAFAYVLNaXKmaJpKzT\r\nYM2wnIHCtMpEwLrMkLrwI4tjb7NzL2l3OimtHTlKk9U8BkygT+3ohu1QBAijlh1D\r\nuJ2Q9Ot1mB3Z3gNu8UFyRG4TGhAIqF8cefh4i8z+2NjVw/y9xKemQ8r2SNM7\n";
inputList.inputSyntax="cert_request";
inputList.inputConstraint="null";
inputListSet[1] = inputList;
inputList = new Object;
inputList.inputId="requestor_name";
inputList.inputName="Requestor Name";
inputList.inputVal="IPA Installer";
inputList.inputSyntax="string";
inputList.inputConstraint="null";
inputListSet[2] = inputList;
inputList = new Object;
inputList.inputId="requestor_email";
inputList.inputName="Requestor Email";
inputList.inputVal="null";
inputList.inputSyntax="string";
inputList.inputConstraint="null";
inputListSet[3] = inputList;
inputList = new Object;
inputList.inputId="requestor_phone";
inputList.inputName="Requestor Phone";
inputList.inputVal="null";
inputList.inputSyntax="string";
inputList.inputConstraint="null";
inputListSet[4] = inputList;
errorCode="0";
requestModificationTime="Fri Jan 08 21:15:24 CST 2016";
profileRemoteAddr="192.168.178.10";
profileName="Manual Server Certificate Enrollment";
profileApprovedBy="admin";
requestOwner="";
profileId="caServerCert";
profileRemoteHost="192.168.178.10";
profileIsVisible="true";
requestId="7";
errorReason="";
requestStatus="pending";
requestCreationTime="Fri Jan 08 21:15:23 CST 2016";
outputListSet = new Array;
outputList = new Object;
outputList.outputId="pretty_cert";
outputList.outputSyntax="pretty_print";
outputList.outputVal="null";
outputList.outputName="Certificate Pretty Print";
outputList.outputConstraint="null";
outputListSet[0] = outputList;
outputList = new Object;
outputList.outputId="b64_cert";
outputList.outputSyntax="pretty_print";
outputList.outputVal="null";
outputList.outputName="Certificate Base-64 Encoded";
outputList.outputConstraint="null";
outputListSet[1] = outputList;
profileSetId="serverCertSet";
</script>
<style>
TABLE { border-spacing: 0 0; }
</style>

<script type="text/javascript">
function escapeValue(value)
{
   return value.replace(/"/g,'&quot;');
}

function addEscapes(str)
{
    var outStr = str.replace(/</g, "&lt;");
    outStr = outStr.replace(/>/g, "&gt;");
    return outStr;
}

document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request ');
document.writeln(requestId);
document.writeln('<br></font>');
</script>
<font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font>
<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif"
width="100%">
  <tr>
    <td> </td>
  </tr>
</table>
<p>
<script type="text/javascript">
if (requestStatus == 'pending') {
  document.writeln('<form method=post action="profileProcess">');
  document.writeln('<input type=hidden name=requestId value=' + requestId + '>');
}
document.writeln('<p>');
document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Request Information</FONT></TD></TR></TABLE>');
document.writeln('<table border=1 width=100%>');
document.writeln('<tr>');
document.writeln('<td width=20%>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Request ID:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(requestId);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
document.writeln('<tr>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Request Type:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(requestType);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
document.writeln('<tr>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Request Status:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(requestStatus);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
document.writeln('<tr>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Requestor Host:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(profileRemoteHost);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
document.writeln('<tr>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Assigned To:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(requestOwner);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
document.writeln('<tr>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Creation Time:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(requestCreationTime);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
document.writeln('<tr>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Modification Time:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(requestModificationTime);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
document.writeln('</table>');
document.writeln('<p>');
document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Information</FONT></TD></TR></TABLE>');
document.writeln('<table border=1 width=100%>');
document.writeln('<tr>');
document.writeln('<td width=20%>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Certificate Profile Id:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(profileId);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
document.writeln('<tr>');
document.writeln('<td width=20%>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Approved By:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(profileApprovedBy);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
document.writeln('<tr>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Certificate Profile Name:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(profileName);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
document.writeln('<tr>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Certificate Profile Description:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(profileDesc);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
document.writeln('</table>');
document.writeln('<p>');
if (requestStatus != 'pending') {
  document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>');
  document.writeln('<table width=100% border=1>');
  document.writeln('<tr>');
  document.writeln('<td>');
  document.writeln(requestNotes);
  document.writeln('</td>');
  document.writeln('</tr>');
  document.writeln('</table>');
  document.writeln('<p>');
}
if (profileIsVisible == 'true') {
document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Inputs</FONT></TD></TR></TABLE>');
document.writeln('<table border=1 width=100%>');
document.writeln('<tr>');
document.writeln('<td width=20%>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Id</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td width=40%>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Input Names</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Input Values</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
for (var i = 0; i < inputListSet.length; i++) {
  document.writeln('<tr>');
  document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  document.writeln(inputListSet[i].inputId);
document.writeln('</FONT>');
  document.writeln('</td>');
  document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  document.writeln(inputListSet[i].inputName);
document.writeln('</FONT>');
  document.writeln('</td>');
  document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  document.writeln(addEscapes(inputListSet[i].inputVal));
document.writeln('</FONT>');
  document.writeln('</td>');
  document.writeln('</tr>');
}
document.writeln('</table>');
document.writeln('<p>');
}
if (requestStatus == 'complete') {
document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Outputs</FONT></TD></TR></TABLE>');
for (var i = 0; i < outputListSet.length; i++) {
    document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
);
    document.writeln('<li>');
    document.writeln(outputListSet[i].outputName);
    document.writeln('</FONT>');
    document.writeln('<p>');
    if (outputListSet[i].outputSyntax == 'string') {
      document.writeln(outputListSet[i].outputVal);
    } else if (outputListSet[i].outputSyntax == 'pretty_print') {
      document.writeln('<pre>');
      document.writeln(outputListSet[i].outputVal);
      document.writeln('</pre>');
    } else if (outputListSet[i].outputSyntax == 'der_b64') {
      document.writeln('<pre>');
      document.writeln('-----BEGIN CERTIFICATE-----');
      document.writeln(outputListSet[i].outputVal);
      document.writeln('-----END CERTIFICATE-----');
      document.writeln('</pre>');
    }
    document.writeln('</p>');
}
}
if (requestStatus == 'pending') {
document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Policy Information</FONT></TD></TR></TABLE>');
document.writeln('<table>');
document.writeln('<tr>');
document.writeln('<td width=20%>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Certificate Profile Set Id:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(profileSetId);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
document.writeln('</table>');
document.writeln('<table border=1 width=100%>');
document.writeln('<tr>');
document.writeln('<td width=10%>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>#</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td width=45%>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Extensions / Fields</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td width=45%>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Constraints</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
for (var i = 0; i < recordSet.length; i++) {
  document.writeln('<tr valign=top>');
  document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  document.writeln(recordSet[i].policyId);
document.writeln('</FONT>');
  document.writeln('</td>');
  document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  document.writeln(recordSet[i].defDesc);
document.writeln('</FONT>');
  document.writeln('<p>');
  document.writeln('<table width=100%>');
  for (var j = 0; j < recordSet[i].defListSet.length; j++) {
    document.writeln('<tr valign=top>');
    if (typeof(recordSet[i].defListSet[j].defName) != 'undefined') {
      document.writeln('<td width=30%><i>');
      document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
      document.writeln(recordSet[i].defListSet[j].defName + ':');
      document.writeln('</FONT>');
      document.writeln('</i></td>');
      document.writeln('<td width=70%>');
      if (recordSet[i].defListSet[j].defConstraint == 'readonly') {
          document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
          document.writeln(recordSet[i].defListSet[j].defVal);
          document.writeln('</FONT>');
      } else {
        if (recordSet[i].defListSet[j].defSyntax == 'string') {
          document.writeln('<input size=32 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + escapeValue(recordSet[i].defListSet[j].defVal) + '">');
        } else if (recordSet[i].defListSet[j].defSyntax == 'string_list') {
          document.writeln('<textarea cols=40 rows=5 name="' + recordSet[i].defListSet[j].defId + '">' + recordSet[i].defListSet[j].defVal + '</textarea>');
        } else if (recordSet[i].defListSet[j].defSyntax == 'integer') {
          document.writeln('<input size=6 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">');
        } else if (recordSet[i].defListSet[j].defSyntax == 'image_url') {
          document.writeln('<img border=0 src="' + recordSet[i].defListSet[j].defVal + '">');
          document.writeln('<input type=hidden name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">');
        } else if (recordSet[i].defListSet[j].defSyntax == 'choice') {
          document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">');
	  var c = recordSet[i].defListSet[j].defConstraint.split(',');
          for(var k = 0; k < c.length; k++) {
            if (recordSet[i].defListSet[j].defVal == c[k]) {
              document.writeln('<option selected value=' + c[k] + '>');
	    } else { 
              document.writeln('<option value=' + c[k] + '>');
            }
            document.writeln(c[k]);
            document.writeln('</option>');
          }

          document.writeln('</select>');
        } else if (recordSet[i].defListSet[j].defSyntax == 'boolean') {
          document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">');
          if (recordSet[i].defListSet[j].defVal == 'true') {
            document.writeln('<option selected value=true>true</option>');
            document.writeln('<option value=false>false</option>');
          } else {
            document.writeln('<option value=true>true</option>');
            document.writeln('<option selected value=false>false</option>');
          }
          document.writeln('</select>');
        }
      }
      document.writeln('</td>');
    }
    document.writeln('</tr>');
  }
  document.writeln('</table>');
  document.writeln('</td>');
  document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  document.writeln(recordSet[i].conDesc);
document.writeln('</FONT>');
  document.writeln('</td>');
  document.writeln('</tr>');
} // for
document.writeln('</table>'); 
document.writeln('<p>');
document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>');
document.writeln('<textarea cols=40 rows=5 name="requestNotes">' + requestNotes + '</textarea>');
document.writeln('<p>');
     document.writeln('<SELECT NAME="op">');
     document.writeln('<OPTION VALUE="update">Update request</OPTION>');
     document.writeln('<OPTION VALUE="validate">Validate request</OPTION>');
     document.writeln('<OPTION SELECTED VALUE="approve">Approve request</OPTION>');
     document.writeln('<OPTION VALUE="reject">Reject request</OPTION>');
     document.writeln('<OPTION VALUE="cancel">Cancel request</OPTION>');
     document.writeln('<OPTION VALUE="assign">Assign request</OPTION>');
     document.writeln('<OPTION VALUE="unassign">Unassign request</OPTION>');
     document.writeln('</SELECT>');
if (typeof(nonce) != "undefined") {
     document.writeln("<INPUT TYPE=hidden name=nonce value=\"" + nonce +"\">");
}
document.writeln('<input type=submit name=submit value=submit>');
document.writeln('</form>');
} // if
</script>
</html>

Subject: CN=obelix.roth.lan,O=ROTH.LAN
Issuer : CN=Certificate Authority,O=ROTH.LAN
bulk cipher AES-128, 128 secret key bits, 128 key bits, status: 1

ipa         : DEBUG    stderr=GET /ca/agent/ca/profileReview?requestId=7 HTTP/1.0
Host: obelix.roth.lan:8443

port: 8443
addr='obelix.roth.lan'
family='2'
IP='192.168.178.10'
Called mygetclientauthdata - nickname = ipa-ca-agent
   mygetclientauthdata - cert = b75003c8
   mygetclientauthdata - privkey = b75410d8
PR_Write wrote 83 bytes from bigBuf
bytes: [GET /ca/agent/ca/profileReview?requestId=7 HTTP/1.0
Host: obelix.roth.lan:8443

]
do_writes shutting down send socket
do_writes exiting with (result = 0)
connection 1 read 9000 bytes (9000 total).
these bytes read:
connection 1 read 9000 bytes (18000 total).
these bytes read:
connection 1 read 9000 bytes (27000 total).
these bytes read:
connection 1 read 2676 bytes (29676 total).
these bytes read:
connection 1 read 29676 bytes total. -----------------------------
Done with possible addresses - exiting.

ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/sslget' '-v' '-n' 'ipa-ca-agent' '-p' XXXXXXXX '-d' '/tmp/tmp-Marzji' '-e' 'exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true&notBefore=2016-01-08+21%3A15%3A23&keyUsageCritical=true&submit=submit&notAfter=2017-12-28+21%3A15%3A23&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fobelix.roth.lan%3A80%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DROTH.LAN&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approve' '-r' '/ca/agent/ca/profileProcess' 'obelix.roth.lan:8443'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 08 Jan 2016 13:15:31 GMT
Connection: close

<!-- --- BEGIN COPYRIGHT BLOCK ---
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
     the Free Software Foundation; version 2 of the License.

     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.

     You should have received a copy of the GNU General Public License along
     with this program; if not, write to the Free Software Foundation, Inc.,
     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

     Copyright (C) 2007 Red Hat, Inc.
     All rights reserved.
     --- END COPYRIGHT BLOCK --- -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<script type="text/javascript">
outputListSet = new Array;
outputList = new Object;
outputList.outputId="pretty_cert";
outputList.outputSyntax="pretty_print";
outputList.outputVal="    Certificate: \n        Data: \n            Version:  v3\n            Serial Number: 0x7\n            Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n            Issuer: CN=Certificate Authority,O=ROTH.LAN\n            Validity: \n                Not Before: Friday, January 8, 2016 9:15:23 PM CST Asia/Taipei\n                Not  After: Thursday, December 28, 2017 9:15:23 PM CST Asia/Taipei\n            Subject: CN=IPA RA,O=ROTH.LAN\n            Subject Public Key Info: \n                Algorithm: RSA - 1.2.840.113549.1.1.1\n                Public Key: \n                    Exponent: 65537\n                    Public Key Modulus: (2048 bits) :\n                        CB:9D:E1:F6:F7:6E:4B:22:AB:9D:B8:86:35:18:95:CF:\n                        8A:94:B0:2F:D9:A5:80:95:46:1E:3D:36:E0:91:CD:7F:\n                        8D:F6:C3:7A:4B:7E:FC:37:93:D3:F0:84:85:08:C0:0C:\n                        90:49:CD:B4:1E:11:47:D7:46:74:41:38:7E:80:F3:E9:\n                        A0:24:85:BD:CC:3B:DD:D1:5F:9B:36:C3:6C:48:C6:4F:\n                        C1:04:4A:38:55:70:42:E3:EB:6B:7D:E1:0F:4E:BB:EC:\n                        61:90:70:DC:A1:1C:97:15:98:89:07:47:FF:F3:8B:3C:\n                        11:50:B0:02:F1:86:AE:34:16:AC:52:4F:1F:01:D8:60:\n                        DD:E5:D4:5A:AE:24:B1:9D:2E:CB:D6:8C:3D:78:BA:E1:\n                        87:53:C5:D3:0D:53:D6:65:3A:84:F9:A9:19:DC:CB:0F:\n                        99:7D:41:7A:88:C2:C8:95:1A:99:AA:7E:B7:10:05:69:\n                        9B:88:37:D0:3D:B1:60:7E:3A:13:C6:5C:D4:D1:F4:A3:\n                        60:0D:09:19:4F:3F:67:D4:93:CE:BE:F9:16:24:1C:2D:\n                        B8:92:11:CC:8F:C8:97:2A:53:D4:59:F8:8F:F8:79:F8:\n                        0F:D2:95:D9:00:0B:F2:CA:DB:7B:30:1E:3B:D7:8E:EB:\n                        33:2E:F7:B0:BC:07:70:1F:87:E0:A9:9B:30:CD:B3:E3\n            Extensions: \n                Identifier: Authority Key Identifier - 2.5.29.35\n                    Critical: no 
\n                    Key Identifier: \n                        F6:6D:A6:DF:22:82:6F:EF:8A:87:34:D9:81:24:3F:D9:\n                        B4:7D:D5:6C\n                Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1\n                    Critical: no \n                    Access Description: \n                        Method #0: ocsp\n                        Location #0: URIName: http://obelix.roth.lan:80/ca/ocsp\n                Identifier: Key Usage: - 2.5.29.15\n                    Critical: yes \n                    Key Usage: \n                        Digital Signature \n                        Non Repudiation \n                        Key Encipherment \n                        Data Encipherment \n                Identifier: Extended Key Usage: - 2.5.29.37\n                    Critical: no \n                    Extended Key Usage: \n                        1.3.6.1.5.5.7.3.1\n                        1.3.6.1.5.5.7.3.2\n        Signature: \n            Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n            Signature: \n                0F:A7:2F:88:93:A1:20:86:C4:98:9B:F6:CD:DC:88:37:\n                78:22:62:66:30:30:7B:C3:81:23:8C:C3:3A:CF:E1:61:\n                35:F9:03:6D:06:AF:26:4C:5F:80:05:5B:AE:A4:0B:4E:\n                DE:AD:99:07:49:A8:70:20:48:57:56:69:B7:D2:E5:65:\n                2B:C7:22:76:ED:21:B2:8A:31:12:B6:B5:9B:45:57:A6:\n                F5:45:09:3F:78:AE:A3:11:23:30:FD:A4:EC:99:45:66:\n                DF:1B:D0:69:78:38:8D:B8:8E:E9:DA:7D:6F:DA:7F:7E:\n                80:CB:96:E6:11:5A:95:63:AD:B8:22:37:EE:C4:9F:DC:\n                2B:F3:AD:A3:1D:29:29:02:5B:3B:81:57:A4:10:C0:34:\n                87:77:2F:2C:9A:92:05:E2:FF:A2:2E:20:E2:EF:DE:8C:\n                2B:D4:BB:21:35:AA:BA:7B:70:12:B8:0A:AC:9B:B8:03:\n                7D:59:98:BA:63:48:0E:2B:CA:4C:0B:1A:87:2A:95:35:\n                BC:DE:B8:6D:C9:2F:FC:B1:42:E3:19:0C:8E:1C:8F:2A:\n                E2:56:85:E6:EE:35:C1:A3:00:49:E3:74:D8:44:26:13:\n                
06:51:44:64:A7:3A:53:C2:56:43:9C:26:07:3E:50:14:\n                D0:5A:3E:9C:5D:E9:EE:4C:D2:8B:FF:97:FE:9E:46:90\n        FingerPrint\n            MD2:\n                D8:2C:27:4A:AB:3B:07:BC:F9:7B:CA:CE:92:3B:2A:A4\n            MD5:\n                E7:9F:7D:7A:62:B5:E8:E6:76:3E:A0:DE:7B:38:31:F6\n            SHA-1:\n                8C:1E:CC:BD:E9:E7:BA:8B:4C:A4:6A:77:DA:8B:B6:C9:\n                A8:B9:8B:5E\n            SHA-256:\n                D9:0F:1B:D9:98:CB:1C:90:68:4D:7F:B0:82:1F:74:2C:\n                A0:CA:30:BA:E4:10:0C:7A:80:9C:9C:3F:BB:32:E8:8F\n            SHA-512:\n                2A:D4:A6:3A:22:D8:01:A1:80:3A:FF:1D:58:CB:2A:94:\n                2E:CA:7E:3F:6F:80:82:F0:C6:80:5D:EB:3D:4C:AD:11:\n                2E:F8:2F:09:77:65:09:06:6D:39:3C:82:5B:A8:56:4F:\n                0A:FB:27:92:6C:FB:FE:A6:6B:34:6C:04:74:C1:78:12\n";
outputList.outputName="Certificate Pretty Print";
outputList.outputConstraint="null";
outputListSet[0] = outputList;
outputList = new Object;
outputList.outputId="b64_cert";
outputList.outputSyntax="pretty_print";
outputList.outputName="Certificate Base-64 Encoded";
outputList.outputConstraint="null";
outputListSet[1] = outputList;
errorReason="";
requestType="enrollment";
profileId="caServerCert";
requestId="7";
errorCode="0";
requestStatus="complete";
op="approve";
</script>

<script type="text/javascript">
function addEscapes(str)
{
    var outStr = str.replace(/</g, "&lt;");
    outStr = outStr.replace(/>/g, "&gt;");
    return outStr;
}

document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request ');
if (typeof(requestId) != "undefined") {
    document.writeln(requestId);
}
document.writeln('<br></font>');
</script>
<font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font>
<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
  <tr>
    <td> </td>
  </tr>
</table>
<p>

<script type="text/javascript">
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Request Information:</b>');
document.writeln('</FONT>');
document.writeln('<table border=1 width=100%>');
if (typeof(requestId) != "undefined") {
document.writeln('<tr>');
document.writeln('<td width=30%>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Request ID:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<a href="profileReview?requestId=' + requestId + '">');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(requestId);
document.writeln('</FONT>');
document.writeln('</a>');
document.writeln('</td>');
document.writeln('</tr>');
}
if (typeof(requestType) != "undefined") {
document.writeln('<tr>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Request Type:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(requestType);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
}
if (typeof(requestStatus) != "undefined") {
document.writeln('<tr>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Request Status:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(requestStatus);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
}
if (typeof(profileId) != "undefined") {
document.writeln('<tr>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Certificate Profile Id:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(profileId);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
}
if (typeof(op) != "undefined") {
document.writeln('<tr>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Operation Requested:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(op);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
}
if (typeof(errorCode) != "undefined") {
document.writeln('<tr>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Error Code:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(errorCode);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
}
if (typeof(errorReason) != "undefined") {
document.writeln('<tr>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln('<b>Error Reason:</b>');
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('<td>');
document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
document.writeln(errorReason);
document.writeln('</FONT>');
document.writeln('</td>');
document.writeln('</tr>');
}
document.writeln('</table>');
document.writeln('<p>');
document.writeln('</table>');
if (typeof(requestStatus) != "undefined" && requestStatus == 'complete') {
  document.writeln('<table width=100%>');
for (var i = 0; i < outputListSet.length; i++) {
    document.writeln('<tr valign=top>');
    document.writeln('<td>');
    document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
);
    document.writeln('<li>');
    document.writeln(outputListSet[i].outputName);
    document.writeln('</FONT>');
    document.writeln('</td>');
    document.writeln('<tr valign=top>');
    document.writeln('</tr>');
    document.writeln('<td>');
    if (outputListSet[i].outputSyntax == 'string') {
      document.writeln(addEscapes(outputListSet[i].outputVal));
    } else if (outputListSet[i].outputSyntax == 'pretty_print') {
      document.writeln('<pre>');
      document.writeln(addEscapes(outputListSet[i].outputVal));
      document.writeln('</pre>');
    }
    document.writeln('</td>');
    document.writeln('</tr>');
}
   document.writeln('</table>');
}
</script>
</html>

Subject: CN=obelix.roth.lan,O=ROTH.LAN
Issuer : CN=Certificate Authority,O=ROTH.LAN
bulk cipher AES-128, 128 secret key bits, 128 key bits, status: 1

ipa         : DEBUG    stderr=POST /ca/agent/ca/profileProcess HTTP/1.0
Host: obelix.roth.lan:8443
Content-Length: 743
Content-Type: application/x-www-form-urlencoded

exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true&notBefore=2016-01-08+21%3A15%3A23&keyUsageCritical=true&submit=submit&notAfter=2017-12-28+21%3A15%3A23&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fobelix.roth.lan%3A80%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DROTH.LAN&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approveport: 8443
addr='obelix.roth.lan'
family='2'
IP='192.168.178.10'
Called mygetclientauthdata - nickname = ipa-ca-agent
   mygetclientauthdata - cert = b89356f0
   mygetclientauthdata - privkey = b8976400
PR_Write wrote 886 bytes from bigBuf
bytes: [POST /ca/agent/ca/profileProcess HTTP/1.0
Host: obelix.roth.lan:8443
Content-Length: 743
Content-Type: application/x-www-form-urlencoded

exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true&notBefore=2016-01-08+21%3A15%3A23&keyUsageCritical=true&submit=submit&notAfter=2017-12-28+21%3A15%3A23&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fobelix.roth.lan%3A80%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DROTH.LAN&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approve]
do_writes shutting down send socket
do_writes exiting with (result = 0)
connection 1 read 9000 bytes (9000 total).
these bytes read:
connection 1 read 4334 bytes (13334 total).
these bytes read:
connection 1 read 13334 bytes total. -----------------------------
Done with possible addresses - exiting.

ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-f' XXXXXXXX '-A' '-t' 'u,u,u' '-n' 'ipaCert' '-a' '-i' '/tmp/tmpbNpAwC'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=Notice: Trust flag u is set automatically if the private key is present.

ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/pki' '-d' '/etc/httpd/alias' '-C' '/etc/httpd/alias/pwdfile.txt' 'client-cert-show' 'ipaCert' '--client-cert' '/etc/httpd/alias/tmpMEts02'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG      duration: 11 seconds
ipa         : DEBUG      [17/25]: adding RA agent as a trusted user
  [17/25]: adding RA agent as a trusted user
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    Created connection context.ldap2_3011163248
ipa.ipapython.ipaldap.SchemaCache: DEBUG    flushing ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket from SchemaCache
ipa.ipapython.ipaldap.SchemaCache: DEBUG    retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xb3631260>
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Certificate Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Registration Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    Destroyed connection context.ldap2_3011163248
ipa         : DEBUG      duration: 2 seconds
ipa         : DEBUG      [18/25]: authorizing RA to modify profiles
  [18/25]: authorizing RA to modify profiles
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    Created connection context.ldap2_3010213776
ipa.ipapython.ipaldap.SchemaCache: DEBUG    flushing ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket from SchemaCache
ipa.ipapython.ipaldap.SchemaCache: DEBUG    retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xb35e1a30>
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    Destroyed connection context.ldap2_3010213776
ipa         : DEBUG      duration: 2 seconds
ipa         : DEBUG      [19/25]: configure certmonger for renewals
  [19/25]: configure certmonger for renewals
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'enable' 'certmonger.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/certmonger.service to /usr/lib/systemd/system/certmonger.service.

ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'start' 'messagebus.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-active' 'messagebus.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=active

ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'start' 'certmonger.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-active' 'certmonger.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=active

ipa         : DEBUG    stderr=
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [20/25]: configure certificate renewals
  [20/25]: configure certificate renewals
ipa         : DEBUG      duration: 2 seconds
ipa         : DEBUG      [21/25]: configure RA certificate renewal
  [21/25]: configure RA certificate renewal
ipa         : DEBUG      duration: 1 seconds
ipa         : DEBUG      [22/25]: configure Server-Cert certificate renewal
  [22/25]: configure Server-Cert certificate renewal
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [23/25]: Configure HTTP to proxy connections
  [23/25]: Configure HTTP to proxy connections
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [24/25]: restarting certificate server
  [24/25]: restarting certificate server
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'restart' 'pki-tomcatd@pki-tomcat.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/bin/systemctl' 'is-active' 'pki-tomcatd@pki-tomcat.service'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=active

ipa         : DEBUG    stderr=
ipa         : DEBUG    wait_for_open_ports: localhost [8080, 8443] timeout 1200
ipa         : DEBUG    Waiting until the CA is running
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:16:16--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:16:47--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:17:18--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:17:49--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:18:20--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:18:52--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:19:23--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:19:54--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:20:25--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:20:56--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:21:27--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:21:58--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:22:30--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=4
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=--2016-01-08 21:23:01--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
Es ist nicht möglich, eine SSL-Verbindung herzustellen.

ipa         : DEBUG    The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4
ipa         : DEBUG    Waiting for CA to start...
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.2.6-13.fc23</Version></XMLResponse>
ipa         : DEBUG    stderr=--2016-01-08 21:23:32--  https://obelix.roth.lan:8443/ca/admin/ca/getStatus
Auflösen des Hostnamens »obelix.roth.lan (obelix.roth.lan)« … 192.168.178.10
Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 … verbunden.
WARNUNG: Das Zertifikat von »obelix.roth.lan« kann nicht geprüft werden, ausgestellt von »»CN=Certificate Authority,O=ROTH.LAN««:.
  Ein selbst-signiertes Zertifikat wurde gefunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 
  HTTP/1.1 200 OK
  Server: Apache-Coyote/1.1
  Content-Type: application/xml
  Content-Length: 169
  Date: Fri, 08 Jan 2016 13:23:43 GMT
Länge: 169 [application/xml]
Wird in »»STDOUT«« gespeichert.

     0K                                                       100% 9,06M=0s

2016-01-08 21:23:43 (9,06 MB/s) - auf die Standardausgabe geschrieben [169/169]


ipa         : DEBUG    The CA status is: running
ipa         : DEBUG      duration: 477 seconds
ipa         : DEBUG      [25/25]: Importing IPA certificate profiles
  [25/25]: Importing IPA certificate profiles
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
ipa         : DEBUG    Trying to find certificate subject base in sysupgrade
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
ipa         : DEBUG    Found certificate subject base in sysupgrade: O=ROTH.LAN
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    Created connection context.ldap2_3010212976
ipa.ipapython.ipaldap.SchemaCache: DEBUG    flushing ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket from SchemaCache
ipa.ipapython.ipaldap.SchemaCache: DEBUG    retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xb3196cb0>
ipa         : DEBUG    request 'https://obelix.roth.lan:8443/ca/rest/account/login'
ipa         : DEBUG    request body ''
ipa         : DEBUG    NSSConnection init obelix.roth.lan
ipa         : DEBUG    Connecting: 192.168.178.10:0
ipa         : DEBUG    auth_certificate_callback: check_sig=True is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=ROTH.LAN
        Validity:
            Not Before: Fri Jan 08 12:58:35 2016 UTC
            Not After:  Thu Dec 28 12:58:35 2017 UTC
        Subject: CN=obelix.roth.lan,O=ROTH.LAN
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (4 total)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9:
            b4:7d:d5:6c
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False
        Authority Information Access: [1 total]
            Info [1]:
                Method:   PKIX Online Certificate Status Protocol
                Location: URI: http://obelix.roth.lan:80/ca/ocsp

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Signature:
        Fingerprint (MD5):
            21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17
        Fingerprint (SHA1):
            13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c:
            ad:7a:01:52
ipa         : DEBUG    approved_usage = SSL Server intended_usage = SSL Server
ipa         : DEBUG    cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN"
ipa         : DEBUG    handshake complete, peer = 192.168.178.10:8443
ipa         : DEBUG    Protocol: TLS1.2
ipa         : DEBUG    Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
ipa         : DEBUG    request status 200
ipa         : DEBUG    request reason_phrase u'OK'
ipa         : DEBUG    request headers {'content-length': '205', 'set-cookie': 'JSESSIONID=33A69CE55B4BD687FA96DDCA67C314B3; Path=/ca/; Secure; HttpOnly', 'expires': 'Thu, 01 Jan 1970 08:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Fri, 08 Jan 2016 13:23:57 GMT', 'content-type': 'application/xml'}
ipa         : DEBUG    request body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
ipa         : DEBUG    request 'https://obelix.roth.lan:8443/ca/rest/profiles/raw'
ipa         : DEBUG    request body 'profileId=IECUserRoles\nclassId=caEnrollImpl\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=ROTH.LAN\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key 
Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.roth.lan/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension 
Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.roth.lan/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\n'
ipa         : DEBUG    NSSConnection init obelix.roth.lan
ipa         : DEBUG    Connecting: 192.168.178.10:0
ipa         : DEBUG    auth_certificate_callback: check_sig=True is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=ROTH.LAN
        Validity:
            Not Before: Fri Jan 08 12:58:35 2016 UTC
            Not After:  Thu Dec 28 12:58:35 2017 UTC
        Subject: CN=obelix.roth.lan,O=ROTH.LAN
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (4 total)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9:
            b4:7d:d5:6c
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False
        Authority Information Access: [1 total]
            Info [1]:
                Method:   PKIX Online Certificate Status Protocol
                Location: URI: http://obelix.roth.lan:80/ca/ocsp

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Signature:
        Fingerprint (MD5):
            21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17
        Fingerprint (SHA1):
            13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c:
            ad:7a:01:52
ipa         : DEBUG    approved_usage = SSL Server intended_usage = SSL Server
ipa         : DEBUG    cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN"
ipa         : DEBUG    handshake complete, peer = 192.168.178.10:8443
ipa         : DEBUG    Protocol: TLS1.2
ipa         : DEBUG    Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
ipa         : DEBUG    request status 201
ipa         : DEBUG    request reason_phrase u'Created'
ipa         : DEBUG    request headers {'date': 'Fri, 08 Jan 2016 13:23:58 GMT', 'content-length': '7318', 'content-type': 'application/json', 'location': 'https://obelix.roth.lan:8443/ca/rest/profiles/raw', 'server': 'Apache-Coyote/1.1'}
ipa         : DEBUG    request body '#Fri Jan 08 21:23:57 CST 2016\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key 
Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.roth.lan/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity 
Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.12.constraint.name=No 
Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=ROTH.LAN\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No 
Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.roth.lan/ca/ocsp\n'
ipa         : DEBUG    request u'https://obelix.roth.lan:8443/ca/rest/profiles/IECUserRoles?action=enable'
ipa         : DEBUG    request body ''
ipa         : DEBUG    NSSConnection init obelix.roth.lan
ipa         : DEBUG    Connecting: 192.168.178.10:0
ipa         : DEBUG    auth_certificate_callback: check_sig=True is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=ROTH.LAN
        Validity:
            Not Before: Fri Jan 08 12:58:35 2016 UTC
            Not After:  Thu Dec 28 12:58:35 2017 UTC
        Subject: CN=obelix.roth.lan,O=ROTH.LAN
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (4 total)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9:
            b4:7d:d5:6c
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False
        Authority Information Access: [1 total]
            Info [1]:
                Method:   PKIX Online Certificate Status Protocol
                Location: URI: http://obelix.roth.lan:80/ca/ocsp

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Signature:
        Fingerprint (MD5):
            21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17
        Fingerprint (SHA1):
            13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c:
            ad:7a:01:52
ipa         : DEBUG    approved_usage = SSL Server intended_usage = SSL Server
ipa         : DEBUG    cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN"
ipa         : DEBUG    handshake complete, peer = 192.168.178.10:8443
ipa         : DEBUG    Protocol: TLS1.2
ipa         : DEBUG    Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
ipa         : DEBUG    request status 204
ipa         : DEBUG    request reason_phrase u'No Content'
ipa         : DEBUG    request headers {'date': 'Fri, 08 Jan 2016 13:23:59 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
ipa         : DEBUG    request body ''
ipa         : DEBUG    request 'https://obelix.roth.lan:8443/ca/rest/account/logout'
ipa         : DEBUG    request body ''
ipa         : DEBUG    NSSConnection init obelix.roth.lan
ipa         : DEBUG    Connecting: 192.168.178.10:0
ipa         : DEBUG    auth_certificate_callback: check_sig=True is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=ROTH.LAN
        Validity:
            Not Before: Fri Jan 08 12:58:35 2016 UTC
            Not After:  Thu Dec 28 12:58:35 2017 UTC
        Subject: CN=obelix.roth.lan,O=ROTH.LAN
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (4 total)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9:
            b4:7d:d5:6c
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False
        Authority Information Access: [1 total]
            Info [1]:
                Method:   PKIX Online Certificate Status Protocol
                Location: URI: http://obelix.roth.lan:80/ca/ocsp

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Signature:
        Fingerprint (MD5):
            21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17
        Fingerprint (SHA1):
            13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c:
            ad:7a:01:52
ipa         : DEBUG    approved_usage = SSL Server intended_usage = SSL Server
ipa         : DEBUG    cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN"
ipa         : DEBUG    handshake complete, peer = 192.168.178.10:8443
ipa         : DEBUG    Protocol: TLS1.2
ipa         : DEBUG    Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
ipa         : DEBUG    request status 204
ipa         : DEBUG    request reason_phrase u'No Content'
ipa         : DEBUG    request headers {'set-cookie': 'JSESSIONID=C41E786BBE2688A66F5FC34B96EFCC24; Path=/ca/; Secure; HttpOnly', 'expires': 'Thu, 01 Jan 1970 08:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Fri, 08 Jan 2016 13:23:59 GMT', 'content-type': 'application/xml'}
ipa         : DEBUG    request body ''
ipa         : INFO     Imported profile 'IECUserRoles'
ipa         : DEBUG    request 'https://obelix.roth.lan:8443/ca/rest/account/login'
ipa         : DEBUG    request body ''
ipa         : DEBUG    NSSConnection init obelix.roth.lan
ipa         : DEBUG    Connecting: 192.168.178.10:0
ipa         : DEBUG    auth_certificate_callback: check_sig=True is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=ROTH.LAN
        Validity:
            Not Before: Fri Jan 08 12:58:35 2016 UTC
            Not After:  Thu Dec 28 12:58:35 2017 UTC
        Subject: CN=obelix.roth.lan,O=ROTH.LAN
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (4 total)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9:
            b4:7d:d5:6c
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False
        Authority Information Access: [1 total]
            Info [1]:
                Method:   PKIX Online Certificate Status Protocol
                Location: URI: http://obelix.roth.lan:80/ca/ocsp

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Signature:
        Fingerprint (MD5):
            21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17
        Fingerprint (SHA1):
            13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c:
            ad:7a:01:52
ipa         : DEBUG    approved_usage = SSL Server intended_usage = SSL Server
ipa         : DEBUG    cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN"
ipa         : DEBUG    handshake complete, peer = 192.168.178.10:8443
ipa         : DEBUG    Protocol: TLS1.2
ipa         : DEBUG    Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
ipa         : DEBUG    request status 200
ipa         : DEBUG    request reason_phrase u'OK'
ipa         : DEBUG    request headers {'content-length': '205', 'set-cookie': 'JSESSIONID=4805A98E045803A8E148C25E0A411251; Path=/ca/; Secure; HttpOnly', 'expires': 'Thu, 01 Jan 1970 08:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Fri, 08 Jan 2016 13:24:01 GMT', 'content-type': 'application/xml'}
ipa         : DEBUG    request body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
ipa         : DEBUG    request 'https://obelix.roth.lan:8443/ca/rest/profiles/raw'
ipa         : DEBUG    request body 'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=ROTH.LAN\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key 
Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.roth.lan/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension 
Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.roth.lan/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\n'
ipa         : DEBUG    NSSConnection init obelix.roth.lan
ipa         : DEBUG    Connecting: 192.168.178.10:0
ipa         : DEBUG    auth_certificate_callback: check_sig=True is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=ROTH.LAN
        Validity:
            Not Before: Fri Jan 08 12:58:35 2016 UTC
            Not After:  Thu Dec 28 12:58:35 2017 UTC
        Subject: CN=obelix.roth.lan,O=ROTH.LAN
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (4 total)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9:
            b4:7d:d5:6c
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False
        Authority Information Access: [1 total]
            Info [1]:
                Method:   PKIX Online Certificate Status Protocol
                Location: URI: http://obelix.roth.lan:80/ca/ocsp

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Signature:
        Fingerprint (MD5):
            21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17
        Fingerprint (SHA1):
            13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c:
            ad:7a:01:52
ipa         : DEBUG    approved_usage = SSL Server intended_usage = SSL Server
ipa         : DEBUG    cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN"
ipa         : DEBUG    handshake complete, peer = 192.168.178.10:8443
ipa         : DEBUG    Protocol: TLS1.2
ipa         : DEBUG    Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
ipa         : DEBUG    request status 400
ipa         : DEBUG    request reason_phrase u'Bad Request'
ipa         : DEBUG    request headers {'transfer-encoding': 'chunked', 'date': 'Fri, 08 Jan 2016 13:24:08 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
ipa         : DEBUG    request body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
ipa         : DEBUG    request u'https://obelix.roth.lan:8443/ca/rest/profiles/caIPAserviceCert?action=disable'
ipa         : DEBUG    request body ''
ipa         : DEBUG    NSSConnection init obelix.roth.lan
ipa         : DEBUG    Connecting: 192.168.178.10:0
ipa         : DEBUG    auth_certificate_callback: check_sig=True is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=ROTH.LAN
        Validity:
            Not Before: Fri Jan 08 12:58:35 2016 UTC
            Not After:  Thu Dec 28 12:58:35 2017 UTC
        Subject: CN=obelix.roth.lan,O=ROTH.LAN
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (4 total)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9:
            b4:7d:d5:6c
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False
        Authority Information Access: [1 total]
            Info [1]:
                Method:   PKIX Online Certificate Status Protocol
                Location: URI: http://obelix.roth.lan:80/ca/ocsp

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Signature:
        Fingerprint (MD5):
            21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17
        Fingerprint (SHA1):
            13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c:
            ad:7a:01:52
ipa         : DEBUG    approved_usage = SSL Server intended_usage = SSL Server
ipa         : DEBUG    cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN"
ipa         : DEBUG    handshake complete, peer = 192.168.178.10:8443
ipa         : DEBUG    Protocol: TLS1.2
ipa         : DEBUG    Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
ipa         : DEBUG    request status 204
ipa         : DEBUG    request reason_phrase u'No Content'
ipa         : DEBUG    request headers {'date': 'Fri, 08 Jan 2016 13:24:08 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
ipa         : DEBUG    request body ''
ipa         : DEBUG    request u'https://obelix.roth.lan:8443/ca/rest/profiles/caIPAserviceCert'
ipa         : DEBUG    request body ''
ipa         : DEBUG    NSSConnection init obelix.roth.lan
ipa         : DEBUG    Connecting: 192.168.178.10:0
ipa         : DEBUG    auth_certificate_callback: check_sig=True is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=ROTH.LAN
        Validity:
            Not Before: Fri Jan 08 12:58:35 2016 UTC
            Not After:  Thu Dec 28 12:58:35 2017 UTC
        Subject: CN=obelix.roth.lan,O=ROTH.LAN
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (4 total)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9:
            b4:7d:d5:6c
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False
        Authority Information Access: [1 total]
            Info [1]:
                Method:   PKIX Online Certificate Status Protocol
                Location: URI: http://obelix.roth.lan:80/ca/ocsp

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Signature:
        Fingerprint (MD5):
            21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17
        Fingerprint (SHA1):
            13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c:
            ad:7a:01:52
ipa         : DEBUG    approved_usage = SSL Server intended_usage = SSL Server
ipa         : DEBUG    cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN"
ipa         : DEBUG    handshake complete, peer = 192.168.178.10:8443
ipa         : DEBUG    Protocol: TLS1.2
ipa         : DEBUG    Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
ipa         : DEBUG    request status 204
ipa         : DEBUG    request reason_phrase u'No Content'
ipa         : DEBUG    request headers {'date': 'Fri, 08 Jan 2016 13:24:08 GMT', 'cache-control': 'private', 'content-type': 'application/json', 'expires': 'Thu, 01 Jan 1970 08:00:00 CST', 'server': 'Apache-Coyote/1.1'}
ipa         : DEBUG    request body ''
ipa         : DEBUG    request 'https://obelix.roth.lan:8443/ca/rest/profiles/raw'
ipa         : DEBUG    request body 'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=ROTH.LAN\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key 
Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.roth.lan/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension 
Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.roth.lan/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\n'
ipa         : DEBUG    NSSConnection init obelix.roth.lan
ipa         : DEBUG    Connecting: 192.168.178.10:0
ipa         : DEBUG    auth_certificate_callback: check_sig=True is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=ROTH.LAN
        Validity:
            Not Before: Fri Jan 08 12:58:35 2016 UTC
            Not After:  Thu Dec 28 12:58:35 2017 UTC
        Subject: CN=obelix.roth.lan,O=ROTH.LAN
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (4 total)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9:
            b4:7d:d5:6c
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False
        Authority Information Access: [1 total]
            Info [1]:
                Method:   PKIX Online Certificate Status Protocol
                Location: URI: http://obelix.roth.lan:80/ca/ocsp

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Signature:
        Fingerprint (MD5):
            21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17
        Fingerprint (SHA1):
            13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c:
            ad:7a:01:52
ipa         : DEBUG    approved_usage = SSL Server intended_usage = SSL Server
ipa         : DEBUG    cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN"
ipa         : DEBUG    handshake complete, peer = 192.168.178.10:8443
ipa         : DEBUG    Protocol: TLS1.2
ipa         : DEBUG    Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
ipa         : DEBUG    request status 201
ipa         : DEBUG    request reason_phrase u'Created'
ipa         : DEBUG    request headers {'date': 'Fri, 08 Jan 2016 13:24:09 GMT', 'content-length': '6993', 'content-type': 'application/json', 'location': 'https://obelix.roth.lan:8443/ca/rest/profiles/raw', 'server': 'Apache-Coyote/1.1'}
ipa         : DEBUG    request body '#Fri Jan 08 21:24:09 CST 2016\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key 
Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.roth.lan/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity 
Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=ROTH.LAN\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.roth.lan/ca/ocsp\n'
ipa         : DEBUG    request u'https://obelix.roth.lan:8443/ca/rest/profiles/caIPAserviceCert?action=enable'
ipa         : DEBUG    request body ''
ipa         : DEBUG    NSSConnection init obelix.roth.lan
ipa         : DEBUG    Connecting: 192.168.178.10:0
ipa         : DEBUG    auth_certificate_callback: check_sig=True is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=ROTH.LAN
        Validity:
            Not Before: Fri Jan 08 12:58:35 2016 UTC
            Not After:  Thu Dec 28 12:58:35 2017 UTC
        Subject: CN=obelix.roth.lan,O=ROTH.LAN
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (4 total)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9:
            b4:7d:d5:6c
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False
        Authority Information Access: [1 total]
            Info [1]:
                Method:   PKIX Online Certificate Status Protocol
                Location: URI: http://obelix.roth.lan:80/ca/ocsp

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Signature:
        Fingerprint (MD5):
            21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17
        Fingerprint (SHA1):
            13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c:
            ad:7a:01:52
ipa         : DEBUG    approved_usage = SSL Server intended_usage = SSL Server
ipa         : DEBUG    cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN"
ipa         : DEBUG    handshake complete, peer = 192.168.178.10:8443
ipa         : DEBUG    Protocol: TLS1.2
ipa         : DEBUG    Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
ipa         : DEBUG    request status 204
ipa         : DEBUG    request reason_phrase u'No Content'
ipa         : DEBUG    request headers {'date': 'Fri, 08 Jan 2016 13:24:09 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
ipa         : DEBUG    request body ''
ipa         : DEBUG    request 'https://obelix.roth.lan:8443/ca/rest/account/logout'
ipa         : DEBUG    request body ''
ipa         : DEBUG    NSSConnection init obelix.roth.lan
ipa         : DEBUG    Connecting: 192.168.178.10:0
ipa         : DEBUG    auth_certificate_callback: check_sig=True is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=ROTH.LAN
        Validity:
            Not Before: Fri Jan 08 12:58:35 2016 UTC
            Not After:  Thu Dec 28 12:58:35 2017 UTC
        Subject: CN=obelix.roth.lan,O=ROTH.LAN
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (4 total)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9:
            b4:7d:d5:6c
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False
        Authority Information Access: [1 total]
            Info [1]:
                Method:   PKIX Online Certificate Status Protocol
                Location: URI: http://obelix.roth.lan:80/ca/ocsp

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Signature:
        Fingerprint (MD5):
            21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17
        Fingerprint (SHA1):
            13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c:
            ad:7a:01:52
ipa         : DEBUG    approved_usage = SSL Server intended_usage = SSL Server
ipa         : DEBUG    cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN"
ipa         : DEBUG    handshake complete, peer = 192.168.178.10:8443
ipa         : DEBUG    Protocol: TLS1.2
ipa         : DEBUG    Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
ipa         : DEBUG    request status 204
ipa         : DEBUG    request reason_phrase u'No Content'
ipa         : DEBUG    request headers {'set-cookie': 'JSESSIONID=6F2D7A36C3C6B9766CF000B4D83CCC6E; Path=/ca/; Secure; HttpOnly', 'expires': 'Thu, 01 Jan 1970 08:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Fri, 08 Jan 2016 13:24:09 GMT', 'content-type': 'application/xml'}
ipa         : DEBUG    request body ''
ipa         : INFO     Imported profile 'caIPAserviceCert'
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    Destroyed connection context.ldap2_3010212976
ipa         : DEBUG      duration: 27 seconds
ipa         : DEBUG    Done configuring certificate server (pki-tomcatd).
Done configuring certificate server (pki-tomcatd).
ipa         : DEBUG    Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-f' XXXXXXXX '-L' '-n' 'ROTH.LAN IPA CA' '-a'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=-----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----

ipa         : DEBUG    stderr=
ipa         : DEBUG    Configuring directory server (dirsrv). Estimated time: 10 seconds
Configuring directory server (dirsrv). Estimated time: 10 seconds
ipa         : DEBUG      [1/3]: configuring ssl for ds instance
  [1/3]: configuring ssl for ds instance
ipa         : DEBUG    Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
ipa         : DEBUG    Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-O' '-n' 'ipaCert'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout="ROTH.LAN IPA CA" [CN=Certificate Authority,O=ROTH.LAN]

  "ipaCert" [CN=IPA RA,O=ROTH.LAN]


ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-L' '-n' 'ROTH.LAN IPA CA' '-a'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-ROTH-LAN/' '-L' '-n' 'ROTH.LAN IPA CA' '-a'
ipa         : DEBUG    Process finished, return code=255
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=certutil: Could not find cert: ROTH.LAN IPA CA
: PR_FILE_NOT_FOUND_ERROR: File not found

ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-ROTH-LAN/' '-N' '-f' '/etc/dirsrv/slapd-ROTH-LAN//pwdfile.txt'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-ROTH-LAN/' '-A' '-n' 'ROTH.LAN IPA CA' '-t' 'CT,C,C' '-a'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-ROTH-LAN/' '-R' '-s' 'CN=obelix.roth.lan,O=ROTH.LAN' '-o' '/var/lib/ipa/ipa-Hd3Epn/tmpcertreq' '-k' 'rsa' '-g' '2048' '-z' '/etc/dirsrv/slapd-ROTH-LAN//noise.txt' '-f' '/etc/dirsrv/slapd-ROTH-LAN//pwdfile.txt' '-a'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=

Generating key.  This may take a few moments...


ipa         : DEBUG    request 'https://obelix.roth.lan:8443/ca/ee/ca/profileSubmitSSLClient'
ipa         : DEBUG    request body 'profileId=caIPAserviceCert&requestor_name=IPA+Installer&cert_request=MIICcjCCAVoCAQAwLTERMA8GA1UEChMIUk9USC5MQU4xGDAWBgNVBAMTD29iZWxp%0D%0AeC5yb3RoLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAP9ArEyE%0D%0AtOOxtZ7YZKs%2Bf85ddv9RP4ayHURNgFfpFxxlTwprzKp%2BCrKaN1erdrKlrYXojt%2Bp%0D%0Aa2U1d%2FgQkHrsAeUv8DpwGtj0bPFcklNoFiJRUHwCD52B1f3u1X%2FHxqE%2BxnOL50ju%0D%0Ah33j58XC6oyVjIIUm0M%2BXG%2BoRiIpZMz4Ol0%2BrCiCs%2BEzLzMvvogVDK4%2BxGbM%2BNaw%0D%0AnDCfhdgtpYpM703SVxs52I4rbllmi68Y3ZTmVVC8qx8IepVTDG8GbugjJhJB7C0W%0D%0ATCyuAdAILpOFTuaCFoXSp5HC1Lc1fCowp3d0q1CerxgzwwObgV0nXVg3XRbRuLE0%0D%0AscBovrVkfo65BjkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBfZUdg8ASNljbZ%0D%0ARnCcFaMdkoFsd3hsdXF4e%2BadJ%2FFft4wtK4aUre6STE21TrDXOLjYKMn6dseYWuOk%0D%0Ajqw27wMb%2BTHjpqDcHH76oF0ochOOyIMVhawENSP86kAG5bc69wPB2KJkbpZHigbc%0D%0AtQX9orkzpuWM5mZca7XEuAWekf%2FP2AK4hXeCw0E6szKXxHadFu2PQaxBtfYJBxSF%0D%0AdkNh3wvffaXqN0hOkTnEdZEWj3XHQpnV3Xd%2Fn0DqXoYXFcR2qNcXy3gCI4hRoOBv%0D%0ALGgiz%2F%2F24NkA5m4sfSQ6LpYX%2B0xP5BNfkXtrhk4unGmhitTgENSRyLxvbl4gk8HX%0D%0AqRPArP3f%0A&cert_request_type=pkcs10&xmlOutput=true'
ipa         : DEBUG    NSSConnection init obelix.roth.lan
ipa         : DEBUG    Connecting: 192.168.178.10:0
ipa         : DEBUG    auth_certificate_callback: check_sig=True is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=ROTH.LAN
        Validity:
            Not Before: Fri Jan 08 12:58:35 2016 UTC
            Not After:  Thu Dec 28 12:58:35 2017 UTC
        Subject: CN=obelix.roth.lan,O=ROTH.LAN
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (4 total)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9:
            b4:7d:d5:6c
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False
        Authority Information Access: [1 total]
            Info [1]:
                Method:   PKIX Online Certificate Status Protocol
                Location: URI: http://obelix.roth.lan:80/ca/ocsp

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Signature:
        Fingerprint (MD5):
            21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17
        Fingerprint (SHA1):
            13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c:
            ad:7a:01:52
ipa         : DEBUG    approved_usage = SSL Server intended_usage = SSL Server
ipa         : DEBUG    cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN"
ipa         : DEBUG    handshake complete, peer = 192.168.178.10:8443
ipa         : DEBUG    Protocol: TLS1.2
ipa         : DEBUG    Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
ipa         : DEBUG    request status 200
ipa         : DEBUG    request reason_phrase u'OK'
ipa         : DEBUG    request headers {'date': 'Fri, 08 Jan 2016 13:24:17 GMT', 'content-length': '134', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
ipa         : DEBUG    request body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><Status>1</Status><Error>Policy Set Not Found</Error></XMLResponse>'
ipa         : DEBUG    Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 416, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 406, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 637, in __enable_ssl
    self.nickname, self.fqdn, cadb)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 337, in create_server_cert
    cdb.issue_server_cert(self.certreq_fname, self.certder_fname)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 419, in issue_server_cert
    raise RuntimeError("Certificate issuance failed")
RuntimeError: Certificate issuance failed

ipa         : DEBUG      [error] RuntimeError: Certificate issuance failed
  [error] RuntimeError: Certificate issuance failed
ipa.ipapython.install.cli.install_tool(Server): DEBUG      File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 307, in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 294, in run
    self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 316, in execute
    for nothing in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 356, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 378, in _handle_exception
    util.raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 346, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, in run_generator_with_yield_from
    raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 557, in _configure
    executor.next()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 356, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 435, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 378, in _handle_exception
    util.raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 432, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 378, in _handle_exception
    util.raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 346, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, in run_generator_with_yield_from
    raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
    for nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 1285, in main
    install(self)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 257, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 779, in install
    ds.enable_ssl()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 327, in enable_ssl
    self.start_creation(runtime=10)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 416, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 406, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 637, in __enable_ssl
    self.nickname, self.fqdn, cadb)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 337, in create_server_cert
    cdb.issue_server_cert(self.certreq_fname, self.certder_fname)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 419, in issue_server_cert
    raise RuntimeError("Certificate issuance failed")

ipa.ipapython.install.cli.install_tool(Server): DEBUG    The ipa-server-install command failed, exception: RuntimeError: Certificate issuance failed
ipa.ipapython.install.cli.install_tool(Server): ERROR    Certificate issuance failed
[root@obelix ~]# 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipaserver-install.log
Type: text/x-log
Size: 403439 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160110/2e566aec/attachment.bin>

