[Freeipa-users] Upgrade to FreeIPA 4.2.0 broke Katello/Foreman realm proxy
nathan at nathanpeters.com
nathan at nathanpeters.com
Mon Jan 11 23:01:40 UTC 2016
I'm not sure which mailing list is the best for this because it involves 2
products, but I think the fault here is with FreeIPA.
Basically I have a Katello server running as a realm proxy. It is joined
as a client to the FreeIPA domain. I have provisioned 20 hosts last week
using its Foreman realm proxy feature and they all worked fine.
This weekend I updated to Katello 2.4/FreeIPA 4.2.0. Now, when I create a
new host, it is not properly provisioned.
A post to the foreman users mailing list seems to indicate that foreman is
working because it got an OTP from FreeIP :
https://groups.google.com/forum/#!topic/foreman-users/GlGSM6EAyUs
However, even through an OTP is retrieved, the host record is not created
in FreeIPA. When I login to the webui and search for the host by name,
nothing is found.
Here are the dirsrv logs from the IPA server that Katello is contacting.
I see what appears to be an attempt to create a host, and no error
messages indicating a failure, but the host is not actually created.
[11/Jan/2016:22:45:03 +0000] conn=36483 op=0 SRCH base="" scope=0
filter="(objectClass=*)" attrs="namingContexts"
[11/Jan/2016:22:45:03 +0000] conn=36483 op=0 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:04 +0000] conn=36483 op=1 UNBIND
[11/Jan/2016:22:45:04 +0000] conn=36483 op=1 fd=112 closed - U1
[11/Jan/2016:22:45:06 +0000] conn=36484 fd=112 slot=112 connection from
10.21.2.100 to 10.178.0.99
[11/Jan/2016:22:45:06 +0000] conn=36484 op=0 EXT
oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[11/Jan/2016:22:45:06 +0000] conn=36484 op=0 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:06 +0000] conn=36484 op=-1 fd=112 closed - Peer reports
failure of signature verification or key exchange.
[11/Jan/2016:22:45:07 +0000] conn=36237 op=5 UNBIND
[11/Jan/2016:22:45:07 +0000] conn=36237 op=5 fd=150 closed - U1
[11/Jan/2016:22:45:10 +0000] conn=36485 fd=112 slot=112 connection from
10.21.0.150 to 10.178.0.99
[11/Jan/2016:22:45:10 +0000] conn=36485 op=0 SRCH base="" scope=0
filter="(objectClass=*)" attrs="* altServer namingContexts
supportedControl supportedExtension supportedFeatures supportedLDAPVersion
supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext
lastusn highestcommittedusn aci"
[11/Jan/2016:22:45:10 +0000] conn=36485 op=0 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=6 op=236763 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:10 +0000] conn=6 op=236763 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=6 op=236764 SRCH
base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0
filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData
ipaUserAuthType"
[11/Jan/2016:22:45:10 +0000] conn=6 op=236764 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=6 op=236765 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:10 +0000] conn=6 op=236765 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=6 op=236766 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:10 +0000] conn=6 op=236766 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=6 op=236767 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:10 +0000] conn=6 op=236767 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=5 op=159875 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:10 +0000] conn=5 op=159875 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=5 op=159876 SRCH
base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0
filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData
ipaUserAuthType"
[11/Jan/2016:22:45:10 +0000] conn=5 op=159876 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=5 op=159877 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:10 +0000] conn=5 op=159877 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=5 op=159878 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:10 +0000] conn=5 op=159878 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=5 op=159879 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:10 +0000] conn=5 op=159879 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=5 op=159880 SRCH
base="fqdn=fe1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber
krbPrincipalName krbCanonicalName krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript
ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
[11/Jan/2016:22:45:10 +0000] conn=5 op=159880 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=5 op=159881 SRCH
base="cn=fe1.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs=ALL
[11/Jan/2016:22:45:10 +0000] conn=5 op=159881 RESULT err=32 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:10 +0000] conn=5 op=159882 MOD
dn="fqdn=fe1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:10 +0000] conn=5 op=159882 RESULT err=0 tag=103
nentries=0 etime=0 csn=56943163000900030000
[11/Jan/2016:22:45:10 +0000] conn=6 op=236768 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:10 +0000] conn=6 op=236768 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=6 op=236769 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:10 +0000] conn=6 op=236769 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=6 op=236770 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:10 +0000] conn=6 op=236770 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=6 op=236771 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1.mydomain.net at MYDOMAIN.NET))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:10 +0000] conn=6 op=236771 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=6 op=236772 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:10 +0000] conn=6 op=236772 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:10 +0000] conn=36485 op=1 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:10 +0000] conn=36485 op=1 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:10 +0000] conn=36485 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:10 +0000] conn=36485 op=2 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:10 +0000] conn=36485 op=3 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:10 +0000] conn=36485 op=3 RESULT err=0 tag=97
nentries=0 etime=0
dn="fqdn=fe1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:10 +0000] conn=36485 op=4 SRCH
base="ou=SUDOers,dc=mydomain,dc=net" scope=2
filter="(&(&(objectClass=sudoRole)(entryusn>=1780198)(!(entryusn=1780198)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1.mydomain.net)(sudoHost=fe1)(sudoHost=10.21.0.150)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:66cd)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))"
attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs
sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder
entryusn"
[11/Jan/2016:22:45:10 +0000] conn=36485 op=4 RESULT err=0 tag=101
nentries=1 etime=0 notes=P pr_idx=0
[11/Jan/2016:22:45:13 +0000] conn=17878 op=43113 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[11/Jan/2016:22:45:13 +0000] conn=17878 op=43113 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:13 +0000] conn=17878 op=43114 EXT
oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session"
[11/Jan/2016:22:45:13 +0000] conn=17878 op=43114 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:13 +0000] conn=17878 op=43115 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[11/Jan/2016:22:45:13 +0000] conn=17878 op=43115 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:13 +0000] conn=17878 op=43116 EXT
oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session"
[11/Jan/2016:22:45:13 +0000] conn=17878 op=43116 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:14 +0000] conn=36486 fd=150 slot=150 connection from
10.21.100.248 to 10.178.0.99
[11/Jan/2016:22:45:14 +0000] conn=36486 op=0 SRCH base="" scope=0
filter="(objectClass=*)" attrs="* altServer namingContexts
supportedControl supportedExtension supportedFeatures supportedLDAPVersion
supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext
lastusn highestcommittedusn aci"
[11/Jan/2016:22:45:14 +0000] conn=36486 op=0 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:14 +0000] conn=6 op=236773 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/centos6.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/centos6.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:14 +0000] conn=6 op=236773 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:14 +0000] conn=6 op=236774 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:14 +0000] conn=6 op=236774 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:14 +0000] conn=6 op=236775 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:14 +0000] conn=6 op=236775 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:14 +0000] conn=6 op=236776 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:14 +0000] conn=6 op=236776 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:14 +0000] conn=5 op=159883 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/centos6.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/centos6.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:14 +0000] conn=5 op=159883 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:14 +0000] conn=5 op=159884 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:14 +0000] conn=5 op=159884 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:14 +0000] conn=5 op=159885 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:14 +0000] conn=5 op=159885 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:14 +0000] conn=5 op=159886 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:14 +0000] conn=5 op=159886 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:14 +0000] conn=5 op=159887 SRCH
base="fqdn=centos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber
krbPrincipalName krbCanonicalName krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript
ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
[11/Jan/2016:22:45:14 +0000] conn=5 op=159887 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:14 +0000] conn=5 op=159888 SRCH
base="cn=centos6.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs=ALL
[11/Jan/2016:22:45:14 +0000] conn=5 op=159888 RESULT err=32 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:14 +0000] conn=5 op=159889 MOD
dn="fqdn=centos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:14 +0000] conn=5 op=159889 RESULT err=0 tag=103
nentries=0 etime=0 csn=56943170000700030000
[11/Jan/2016:22:45:14 +0000] conn=6 op=236777 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:14 +0000] conn=6 op=236777 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:14 +0000] conn=6 op=236778 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:14 +0000] conn=6 op=236778 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:14 +0000] conn=6 op=236779 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:14 +0000] conn=6 op=236779 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:14 +0000] conn=6 op=236780 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/centos6.mydomain.net at MYDOMAIN.NET))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:14 +0000] conn=6 op=236780 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:14 +0000] conn=6 op=236781 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:14 +0000] conn=6 op=236781 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:14 +0000] conn=36486 op=1 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:14 +0000] conn=36486 op=1 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:14 +0000] conn=36486 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:14 +0000] conn=36486 op=2 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:14 +0000] conn=36486 op=3 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:14 +0000] conn=36486 op=3 RESULT err=0 tag=97
nentries=0 etime=0
dn="fqdn=centos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:14 +0000] conn=36486 op=4 SRCH
base="ou=SUDOers,dc=mydomain,dc=net" scope=2
filter="(&(&(objectClass=sudoRole)(entryusn>=11794370)(!(entryusn=11794370)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=centos6.mydomain.net)(sudoHost=centos6)(sudoHost=10.21.100.248)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:5e89)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))"
attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs
sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder
entryusn"
[11/Jan/2016:22:45:14 +0000] conn=36486 op=4 RESULT err=0 tag=101
nentries=0 etime=0 notes=P pr_idx=0
[11/Jan/2016:22:45:14 +0000] conn=36238 op=5 UNBIND
[11/Jan/2016:22:45:14 +0000] conn=36238 op=5 fd=163 closed - U1
[11/Jan/2016:22:45:15 +0000] conn=36239 op=5 UNBIND
[11/Jan/2016:22:45:15 +0000] conn=36239 op=5 fd=166 closed - U1
[11/Jan/2016:22:45:18 +0000] conn=36240 op=5 UNBIND
[11/Jan/2016:22:45:18 +0000] conn=36240 op=5 fd=167 closed - U1
[11/Jan/2016:22:45:20 +0000] conn=36241 op=5 UNBIND
[11/Jan/2016:22:45:20 +0000] conn=36241 op=5 fd=170 closed - U1
[11/Jan/2016:22:45:21 +0000] conn=36487 fd=163 slot=163 connection from
10.21.31.101 to 10.178.0.99
[11/Jan/2016:22:45:21 +0000] conn=36487 op=0 SRCH base="" scope=0
filter="(objectClass=*)" attrs="* altServer namingContexts
supportedControl supportedExtension supportedFeatures supportedLDAPVersion
supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext
lastusn highestcommittedusn aci"
[11/Jan/2016:22:45:21 +0000] conn=36487 op=0 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:21 +0000] conn=6 op=236782 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/db1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/db1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:21 +0000] conn=6 op=236782 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:21 +0000] conn=6 op=236783 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:21 +0000] conn=6 op=236783 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:21 +0000] conn=6 op=236784 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:21 +0000] conn=6 op=236784 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:21 +0000] conn=6 op=236785 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:21 +0000] conn=6 op=236785 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:21 +0000] conn=5 op=159890 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/db1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/db1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:21 +0000] conn=5 op=159890 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:21 +0000] conn=5 op=159891 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:21 +0000] conn=5 op=159891 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:21 +0000] conn=5 op=159892 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:21 +0000] conn=5 op=159892 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:21 +0000] conn=5 op=159893 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:21 +0000] conn=5 op=159893 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:21 +0000] conn=5 op=159894 SRCH
base="fqdn=db1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber
krbPrincipalName krbCanonicalName krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript
ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
[11/Jan/2016:22:45:21 +0000] conn=5 op=159894 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:21 +0000] conn=5 op=159895 SRCH
base="cn=db1.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs=ALL
[11/Jan/2016:22:45:21 +0000] conn=5 op=159895 RESULT err=32 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:21 +0000] conn=5 op=159896 MOD
dn="fqdn=db1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:21 +0000] conn=5 op=159896 RESULT err=0 tag=103
nentries=0 etime=0 csn=56943170000b00030000
[11/Jan/2016:22:45:21 +0000] conn=6 op=236786 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:21 +0000] conn=6 op=236786 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:21 +0000] conn=6 op=236787 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:21 +0000] conn=6 op=236787 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:21 +0000] conn=6 op=236788 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:21 +0000] conn=6 op=236788 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:21 +0000] conn=6 op=236789 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/db1.mydomain.net at MYDOMAIN.NET))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:21 +0000] conn=6 op=236789 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:21 +0000] conn=6 op=236790 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:21 +0000] conn=6 op=236790 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:21 +0000] conn=36487 op=1 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:21 +0000] conn=36487 op=1 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:21 +0000] conn=36487 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:21 +0000] conn=36487 op=2 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:21 +0000] conn=36487 op=3 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:21 +0000] conn=36487 op=3 RESULT err=0 tag=97
nentries=0 etime=0
dn="fqdn=db1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:21 +0000] conn=36487 op=4 SRCH
base="ou=SUDOers,dc=mydomain,dc=net" scope=2
filter="(&(&(objectClass=sudoRole)(entryusn>=11794370)(!(entryusn=11794370)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=db1.mydomain.net)(sudoHost=db1)(sudoHost=10.21.31.101)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:ef)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))"
attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs
sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder
entryusn"
[11/Jan/2016:22:45:21 +0000] conn=36487 op=4 RESULT err=0 tag=101
nentries=0 etime=0 notes=P pr_idx=0
[11/Jan/2016:22:45:21 +0000] conn=36488 fd=166 slot=166 connection from
10.21.29.82 to 10.178.0.99
[11/Jan/2016:22:45:21 +0000] conn=36488 op=0 SRCH base="" scope=0
filter="(objectClass=*)" attrs="* altServer namingContexts
supportedControl supportedExtension supportedFeatures supportedLDAPVersion
supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext
lastusn highestcommittedusn aci"
[11/Jan/2016:22:45:21 +0000] conn=36488 op=0 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:22 +0000] conn=6 op=236791 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/cass1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/cass1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:22 +0000] conn=6 op=236791 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:22 +0000] conn=6 op=236792 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:22 +0000] conn=6 op=236792 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:22 +0000] conn=6 op=236793 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:22 +0000] conn=6 op=236793 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:22 +0000] conn=6 op=236794 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:22 +0000] conn=6 op=236794 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:22 +0000] conn=6 op=236795 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/cass1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/cass1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:22 +0000] conn=6 op=236795 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:22 +0000] conn=6 op=236796 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:22 +0000] conn=6 op=236796 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:22 +0000] conn=6 op=236797 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:22 +0000] conn=6 op=236797 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:22 +0000] conn=6 op=236798 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:22 +0000] conn=6 op=236798 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:22 +0000] conn=6 op=236799 SRCH
base="fqdn=cass1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber
krbPrincipalName krbCanonicalName krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript
ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
[11/Jan/2016:22:45:22 +0000] conn=6 op=236799 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:22 +0000] conn=6 op=236800 SRCH
base="cn=cass1.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs=ALL
[11/Jan/2016:22:45:22 +0000] conn=6 op=236800 RESULT err=32 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:22 +0000] conn=6 op=236801 MOD
dn="fqdn=cass1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:22 +0000] conn=6 op=236801 RESULT err=0 tag=103
nentries=0 etime=0 csn=56943170000d00030000
[11/Jan/2016:22:45:22 +0000] conn=6 op=236802 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:22 +0000] conn=6 op=236802 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:22 +0000] conn=6 op=236803 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:22 +0000] conn=6 op=236803 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:22 +0000] conn=6 op=236804 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:22 +0000] conn=6 op=236804 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:22 +0000] conn=6 op=236805 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/cass1.mydomain.net at MYDOMAIN.NET))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:22 +0000] conn=6 op=236805 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:22 +0000] conn=6 op=236806 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:22 +0000] conn=6 op=236806 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:22 +0000] conn=36488 op=1 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:22 +0000] conn=36488 op=1 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:22 +0000] conn=36488 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:22 +0000] conn=36488 op=2 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:22 +0000] conn=36488 op=3 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:22 +0000] conn=36488 op=3 RESULT err=0 tag=97
nentries=0 etime=0
dn="fqdn=cass1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:22 +0000] conn=36488 op=4 SRCH
base="ou=SUDOers,dc=mydomain,dc=net" scope=2
filter="(&(&(objectClass=sudoRole)(entryusn>=11794370)(!(entryusn=11794370)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=cass1.mydomain.net)(sudoHost=cass1)(sudoHost=10.21.29.82)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:31ae)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))"
attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs
sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder
entryusn"
[11/Jan/2016:22:45:22 +0000] conn=36488 op=4 RESULT err=0 tag=101
nentries=0 etime=0 notes=P pr_idx=0
[11/Jan/2016:22:45:24 +0000] conn=17878 op=43117 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[11/Jan/2016:22:45:24 +0000] conn=17878 op=43117 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:24 +0000] conn=17878 op=43118 EXT
oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session"
[11/Jan/2016:22:45:24 +0000] conn=17878 op=43118 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:24 +0000] conn=17878 op=43119 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[11/Jan/2016:22:45:24 +0000] conn=17878 op=43119 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:24 +0000] conn=17878 op=43120 EXT
oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session"
[11/Jan/2016:22:45:24 +0000] conn=17878 op=43120 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:25 +0000] conn=36489 fd=167 slot=167 connection from
10.21.35.21 to 10.178.0.99
[11/Jan/2016:22:45:25 +0000] conn=36489 op=0 SRCH base="" scope=0
filter="(objectClass=*)" attrs="* altServer namingContexts
supportedControl supportedExtension supportedFeatures supportedLDAPVersion
supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext
lastusn highestcommittedusn aci"
[11/Jan/2016:22:45:25 +0000] conn=36489 op=0 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:25 +0000] conn=6 op=236807 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/es1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/es1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:25 +0000] conn=6 op=236807 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:25 +0000] conn=6 op=236808 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:25 +0000] conn=6 op=236808 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:25 +0000] conn=6 op=236809 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:25 +0000] conn=6 op=236809 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:25 +0000] conn=6 op=236810 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:25 +0000] conn=6 op=236810 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:25 +0000] conn=6 op=236811 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/es1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/es1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:25 +0000] conn=6 op=236811 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:25 +0000] conn=6 op=236812 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:25 +0000] conn=6 op=236812 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:25 +0000] conn=6 op=236813 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:25 +0000] conn=6 op=236813 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:25 +0000] conn=6 op=236814 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:25 +0000] conn=6 op=236814 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:25 +0000] conn=6 op=236815 SRCH
base="fqdn=es1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber
krbPrincipalName krbCanonicalName krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript
ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
[11/Jan/2016:22:45:25 +0000] conn=6 op=236815 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:25 +0000] conn=6 op=236816 SRCH
base="cn=es1.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs=ALL
[11/Jan/2016:22:45:25 +0000] conn=6 op=236816 RESULT err=32 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:25 +0000] conn=6 op=236817 MOD
dn="fqdn=es1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:25 +0000] conn=6 op=236817 RESULT err=0 tag=103
nentries=0 etime=0 csn=5694317c000600030000
[11/Jan/2016:22:45:25 +0000] conn=6 op=236818 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:25 +0000] conn=6 op=236818 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:25 +0000] conn=6 op=236819 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:25 +0000] conn=6 op=236819 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:25 +0000] conn=6 op=236820 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:25 +0000] conn=6 op=236820 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:25 +0000] conn=6 op=236821 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/es1.mydomain.net at MYDOMAIN.NET))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:25 +0000] conn=6 op=236821 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:25 +0000] conn=6 op=236822 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:25 +0000] conn=6 op=236822 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:25 +0000] conn=36489 op=1 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:25 +0000] conn=36489 op=1 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:25 +0000] conn=36489 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:25 +0000] conn=36489 op=2 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:25 +0000] conn=36489 op=3 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:25 +0000] conn=36489 op=3 RESULT err=0 tag=97
nentries=0 etime=0
dn="fqdn=es1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:25 +0000] conn=36489 op=4 SRCH
base="ou=SUDOers,dc=mydomain,dc=net" scope=2
filter="(&(&(objectClass=sudoRole)(entryusn>=11794370)(!(entryusn=11794370)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=es1.mydomain.net)(sudoHost=es1)(sudoHost=10.21.35.21)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:7827)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))"
attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs
sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder
entryusn"
[11/Jan/2016:22:45:25 +0000] conn=36489 op=4 RESULT err=0 tag=101
nentries=0 etime=0 notes=P pr_idx=0
[11/Jan/2016:22:45:25 +0000] conn=17878 op=43121 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[11/Jan/2016:22:45:25 +0000] conn=17878 op=43121 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:25 +0000] conn=17878 op=43122 EXT
oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session"
[11/Jan/2016:22:45:25 +0000] conn=17878 op=43122 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:25 +0000] conn=17878 op=43123 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[11/Jan/2016:22:45:25 +0000] conn=17878 op=43123 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:25 +0000] conn=17878 op=43124 EXT
oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session"
[11/Jan/2016:22:45:25 +0000] conn=17878 op=43124 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:26 +0000] conn=36490 fd=170 slot=170 connection from
10.21.8.92 to 10.178.0.99
[11/Jan/2016:22:45:26 +0000] conn=36490 op=0 SRCH base="" scope=0
filter="(objectClass=*)" attrs="* altServer namingContexts
supportedControl supportedExtension supportedFeatures supportedLDAPVersion
supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext
lastusn highestcommittedusn aci"
[11/Jan/2016:22:45:26 +0000] conn=36490 op=0 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:26 +0000] conn=6 op=236823 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/logger2.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/logger2.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:26 +0000] conn=6 op=236823 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:26 +0000] conn=6 op=236824 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:26 +0000] conn=6 op=236824 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:26 +0000] conn=6 op=236825 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:26 +0000] conn=6 op=236825 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:26 +0000] conn=6 op=236826 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:26 +0000] conn=6 op=236826 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:26 +0000] conn=6 op=236827 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/logger2.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/logger2.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:26 +0000] conn=6 op=236827 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:26 +0000] conn=6 op=236828 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:26 +0000] conn=6 op=236828 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:26 +0000] conn=6 op=236829 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:26 +0000] conn=6 op=236829 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:26 +0000] conn=6 op=236830 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:26 +0000] conn=6 op=236830 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:26 +0000] conn=6 op=236831 SRCH
base="fqdn=logger2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber
krbPrincipalName krbCanonicalName krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript
ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
[11/Jan/2016:22:45:26 +0000] conn=6 op=236831 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:26 +0000] conn=6 op=236832 SRCH
base="cn=logger2.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs=ALL
[11/Jan/2016:22:45:26 +0000] conn=6 op=236832 RESULT err=32 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:26 +0000] conn=6 op=236833 MOD
dn="fqdn=logger2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:26 +0000] conn=6 op=236833 RESULT err=0 tag=103
nentries=0 etime=0 csn=5694317d000700030000
[11/Jan/2016:22:45:26 +0000] conn=6 op=236834 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:26 +0000] conn=6 op=236834 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:26 +0000] conn=6 op=236835 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:26 +0000] conn=6 op=236835 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:26 +0000] conn=6 op=236836 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:26 +0000] conn=6 op=236836 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:26 +0000] conn=6 op=236837 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/logger2.mydomain.net at MYDOMAIN.NET))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:26 +0000] conn=6 op=236837 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:26 +0000] conn=6 op=236838 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:26 +0000] conn=6 op=236838 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:26 +0000] conn=36490 op=1 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:26 +0000] conn=36490 op=1 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:26 +0000] conn=36490 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:26 +0000] conn=36490 op=2 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:26 +0000] conn=36490 op=3 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:26 +0000] conn=36490 op=3 RESULT err=0 tag=97
nentries=0 etime=0
dn="fqdn=logger2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:26 +0000] conn=36490 op=4 SRCH
base="ou=SUDOers,dc=mydomain,dc=net" scope=2
filter="(&(&(objectClass=sudoRole)(entryusn>=11794370)(!(entryusn=11794370)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=logger2.mydomain.net)(sudoHost=logger2)(sudoHost=10.21.8.92)(sudoHost=10.21.0.0/16)(sudoHost=fe80::21f:29ff:fee8:671c)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))"
attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs
sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder
entryusn"
[11/Jan/2016:22:45:26 +0000] conn=36490 op=4 RESULT err=0 tag=101
nentries=0 etime=0 notes=P pr_idx=0
[11/Jan/2016:22:45:27 +0000] conn=17878 op=43125 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[11/Jan/2016:22:45:27 +0000] conn=17878 op=43125 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:27 +0000] conn=17878 op=43126 EXT
oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session"
[11/Jan/2016:22:45:27 +0000] conn=17878 op=43126 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:28 +0000] conn=36491 fd=241 slot=241 connection from
10.21.5.241 to 10.178.0.99
[11/Jan/2016:22:45:28 +0000] conn=36491 op=0 SRCH base="" scope=0
filter="(objectClass=*)" attrs="* altServer namingContexts
supportedControl supportedExtension supportedFeatures supportedLDAPVersion
supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext
lastusn highestcommittedusn aci"
[11/Jan/2016:22:45:28 +0000] conn=36491 op=0 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:28 +0000] conn=36491 op=1 UNBIND
[11/Jan/2016:22:45:28 +0000] conn=36491 op=1 fd=241 closed - U1
[11/Jan/2016:22:45:31 +0000] conn=36492 fd=241 slot=241 SSL connection
from 10.21.2.100 to 10.178.0.99
[11/Jan/2016:22:45:31 +0000] conn=36492 op=-1 fd=241 closed - Encountered
end of file.
[11/Jan/2016:22:45:32 +0000] conn=5 op=159897 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=realm-proxy at MYDOMAIN.NET))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:32 +0000] conn=5 op=159897 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=5 op=159898 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:32 +0000] conn=5 op=159898 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=5 op=159899 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:32 +0000] conn=5 op=159899 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=5 op=159900 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:32 +0000] conn=5 op=159900 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=5 op=159901 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=realm-proxy at MYDOMAIN.NET))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:32 +0000] conn=5 op=159901 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=5 op=159902 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:32 +0000] conn=5 op=159902 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=5 op=159903 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:32 +0000] conn=5 op=159903 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=5 op=159904 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:32 +0000] conn=5 op=159904 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=5 op=159905 SRCH
base="uid=realm-proxy,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0
filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber
krbPrincipalName krbCanonicalName krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript
ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
[11/Jan/2016:22:45:32 +0000] conn=5 op=159905 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=5 op=159906 MOD
dn="uid=realm-proxy,cn=users,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:32 +0000] conn=5 op=159906 RESULT err=0 tag=103
nentries=0 etime=0 csn=5694317f000400030000
[11/Jan/2016:22:45:32 +0000] conn=6 op=236839 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:32 +0000] conn=6 op=236839 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=6 op=236840 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=HTTP/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=HTTP/dc1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:32 +0000] conn=6 op=236840 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=6 op=236841 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:32 +0000] conn=6 op=236841 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=6 op=236842 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=realm-proxy at MYDOMAIN.NET))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:32 +0000] conn=6 op=236842 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=6 op=236843 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:32 +0000] conn=6 op=236843 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=36493 fd=241 slot=241 connection from
10.178.0.99 to 10.178.0.99
[11/Jan/2016:22:45:32 +0000] conn=6 op=236844 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:32 +0000] conn=6 op=236844 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=6 op=236845 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:32 +0000] conn=6 op=236845 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=6 op=236846 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:32 +0000] conn=6 op=236846 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=6 op=236847 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc1.mydomain.net at MYDOMAIN.NET))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:32 +0000] conn=6 op=236847 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=6 op=236848 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:32 +0000] conn=6 op=236848 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=6 op=236849 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc1.mydomain.net at MYDOMAIN.NET))"
attrs="objectClass memberPrincipal"
[11/Jan/2016:22:45:32 +0000] conn=6 op=236849 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=6 op=236850 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=realm-proxy at MYDOMAIN.NET))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:32 +0000] conn=6 op=236850 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=6 op=236851 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:32 +0000] conn=6 op=236851 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=36493 op=0 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:32 +0000] conn=36493 op=0 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:32 +0000] conn=36493 op=1 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:32 +0000] conn=36493 op=1 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:32 +0000] conn=36493 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:32 +0000] conn=36493 op=2 RESULT err=0 tag=97
nentries=0 etime=0
dn="uid=realm-proxy,cn=users,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:32 +0000] conn=36493 op=3 SRCH
base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0
filter="(objectClass=*)" attrs=ALL
[11/Jan/2016:22:45:32 +0000] conn=36493 op=3 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:32 +0000] conn=36493 op=4 SRCH
base="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs=""
[11/Jan/2016:22:45:32 +0000] conn=36493 op=4 RESULT err=32 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:32 +0000] conn=36493 op=5 SRCH
base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2
filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=testhostcentos6.mydomain.net))"
attrs=""
[11/Jan/2016:22:45:32 +0000] conn=36493 op=5 RESULT err=0 tag=101
nentries=0 etime=0 notes=U
[11/Jan/2016:22:45:32 +0000] conn=36493 op=6 SRCH
base="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description
nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn
managedBy ipaAssignedIDView userCertificate krbPrincipalName
nsHostLocation userClass"
[11/Jan/2016:22:45:32 +0000] conn=36493 op=6 RESULT err=32 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:32 +0000] conn=36493 op=7 UNBIND
[11/Jan/2016:22:45:32 +0000] conn=36493 op=7 fd=241 closed - U1
[11/Jan/2016:22:45:32 +0000] conn=36494 fd=241 slot=241 connection from
10.178.0.99 to 10.178.0.99
[11/Jan/2016:22:45:32 +0000] conn=6 op=236852 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:33 +0000] conn=6 op=236852 RESULT err=0 tag=101
nentries=1 etime=1
[11/Jan/2016:22:45:33 +0000] conn=6 op=236853 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:33 +0000] conn=6 op=236853 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:33 +0000] conn=6 op=236854 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:33 +0000] conn=6 op=236854 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:33 +0000] conn=6 op=236855 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc1.mydomain.net at MYDOMAIN.NET))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:33 +0000] conn=6 op=236855 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:33 +0000] conn=6 op=236856 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:33 +0000] conn=6 op=236856 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:33 +0000] conn=6 op=236857 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc1.mydomain.net at MYDOMAIN.NET))"
attrs="objectClass memberPrincipal"
[11/Jan/2016:22:45:33 +0000] conn=6 op=236857 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:33 +0000] conn=6 op=236858 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=realm-proxy at MYDOMAIN.NET))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:33 +0000] conn=6 op=236858 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:33 +0000] conn=6 op=236859 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:33 +0000] conn=6 op=236859 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:33 +0000] conn=36494 op=0 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:33 +0000] conn=36494 op=0 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:33 +0000] conn=36494 op=1 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:33 +0000] conn=36494 op=1 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:33 +0000] conn=36494 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:33 +0000] conn=36494 op=2 RESULT err=0 tag=97
nentries=0 etime=0
dn="uid=realm-proxy,cn=users,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:33 +0000] conn=36494 op=3 SRCH
base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0
filter="(objectClass=*)" attrs=ALL
[11/Jan/2016:22:45:33 +0000] conn=36494 op=3 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:33 +0000] conn=36494 op=4 SRCH
base="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs=""
[11/Jan/2016:22:45:33 +0000] conn=36494 op=4 RESULT err=32 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:33 +0000] conn=36494 op=5 SRCH
base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2
filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=testhostcentos6.mydomain.net))"
attrs=""
[11/Jan/2016:22:45:33 +0000] conn=36494 op=5 RESULT err=0 tag=101
nentries=0 etime=0 notes=U
[11/Jan/2016:22:45:33 +0000] conn=36494 op=6 ADD
dn="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:33 +0000] conn=36494 op=6 RESULT err=0 tag=105
nentries=0 etime=0 csn=5694317f000700030000
[11/Jan/2016:22:45:33 +0000] conn=36494 op=7 SRCH
base="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description
nsHardwarePlatform objectClass ipaAllowedToPerform memberofindirect l
nsOsVersion fqdn managedBy ipaAssignedIDView ipaUniqueID userCertificate
krbPrincipalName nsHostLocation userClass"
[11/Jan/2016:22:45:33 +0000] conn=36494 op=7 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:33 +0000] conn=36494 op=8 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(|(member=fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))"
attrs=""
[11/Jan/2016:22:45:33 +0000] conn=36494 op=8 RESULT err=0 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:33 +0000] conn=36494 op=9 SRCH
base="cn=dns,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)"
attrs=ALL
[11/Jan/2016:22:45:33 +0000] conn=36494 op=9 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:33 +0000] conn=36494 op=10 SRCH
base="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
scope=0 filter="(userPassword=*)" attrs="userPassword"
[11/Jan/2016:22:45:33 +0000] conn=36494 op=10 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:33 +0000] conn=36494 op=11 SRCH
base="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey"
[11/Jan/2016:22:45:33 +0000] conn=36494 op=11 RESULT err=0 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:33 +0000] conn=36494 op=12 SRCH
base="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey"
[11/Jan/2016:22:45:33 +0000] conn=36494 op=12 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:33 +0000] conn=36494 op=13 UNBIND
[11/Jan/2016:22:45:33 +0000] conn=36494 op=13 fd=241 closed - U1
[11/Jan/2016:22:45:33 +0000] conn=36495 fd=241 slot=241 connection from
10.21.2.100 to 10.178.0.99
[11/Jan/2016:22:45:33 +0000] conn=36495 op=0 SRCH base="" scope=0
filter="(objectClass=*)" attrs="namingContexts"
[11/Jan/2016:22:45:33 +0000] conn=36495 op=0 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:33 +0000] conn=36495 op=1 UNBIND
[11/Jan/2016:22:45:33 +0000] conn=36495 op=1 fd=241 closed - U1
[11/Jan/2016:22:45:33 +0000] conn=36244 op=5 UNBIND
[11/Jan/2016:22:45:33 +0000] conn=36244 op=5 fd=171 closed - U1
[11/Jan/2016:22:45:34 +0000] conn=36245 op=5 UNBIND
[11/Jan/2016:22:45:34 +0000] conn=36245 op=5 fd=172 closed - U1
[11/Jan/2016:22:45:36 +0000] conn=36386 op=19 SRCH
base="cn=accounts,dc=mydomain,dc=net" scope=2
filter="(&(uid=foreman)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[11/Jan/2016:22:45:36 +0000] conn=36386 op=19 RESULT err=0 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:37 +0000] conn=36456 op=5 SRCH
base="cn=ranges,cn=etc,dc=mydomain,dc=net" scope=2
filter="(objectClass=ipaIDRange)" attrs="objectClass cn ipaBaseID
ipaBaseRID ipaSecondaryBaseRID ipaIDRangeSize ipaNTTrustedDomainSID
ipaRangeType"
[11/Jan/2016:22:45:37 +0000] conn=36456 op=5 RESULT err=0 tag=101
nentries=3 etime=0
[11/Jan/2016:22:45:37 +0000] conn=36456 op=6 SRCH
base="cn=trusts,dc=mydomain,dc=net" scope=2
filter="(objectClass=ipaNTTrustedDomain)" attrs="cn ipaNTFlatName
ipaNTTrustedDomainSID"
[11/Jan/2016:22:45:37 +0000] conn=36456 op=6 RESULT err=0 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:37 +0000] conn=36456 op=7 SRCH
base="cn=ad,cn=etc,dc=mydomain,dc=net" scope=2
filter="(objectClass=ipaNTDomainAttrs)" attrs="cn ipaNTFlatName
ipaNTSecurityIdentifier"
[11/Jan/2016:22:45:37 +0000] conn=36456 op=7 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:37 +0000] conn=36246 op=5 UNBIND
[11/Jan/2016:22:45:37 +0000] conn=36246 op=5 fd=185 closed - U1
[11/Jan/2016:22:45:38 +0000] conn=36496 fd=171 slot=171 connection from
10.21.2.100 to 10.178.0.99
[11/Jan/2016:22:45:38 +0000] conn=36496 op=0 EXT
oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[11/Jan/2016:22:45:38 +0000] conn=36496 op=0 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:38 +0000] conn=36496 op=-1 fd=171 closed - Peer reports
failure of signature verification or key exchange.
[11/Jan/2016:22:45:38 +0000] conn=36386 op=20 SRCH
base="cn=accounts,dc=mydomain,dc=net" scope=2
filter="(&(uid=nobody)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[11/Jan/2016:22:45:38 +0000] conn=36386 op=20 RESULT err=0 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:38 +0000] conn=36386 op=21 SRCH
base="cn=accounts,dc=mydomain,dc=net" scope=2
filter="(&(uid=nobody)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[11/Jan/2016:22:45:38 +0000] conn=36386 op=21 RESULT err=0 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:39 +0000] conn=17878 op=43127 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[11/Jan/2016:22:45:39 +0000] conn=17878 op=43127 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:39 +0000] conn=17878 op=43128 EXT
oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session"
[11/Jan/2016:22:45:39 +0000] conn=17878 op=43128 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:39 +0000] conn=17878 op=43129 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[11/Jan/2016:22:45:39 +0000] conn=17878 op=43129 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:39 +0000] conn=17878 op=43130 EXT
oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session"
[11/Jan/2016:22:45:39 +0000] conn=17878 op=43130 RESULT err=0 tag=120
nentries=0 etime=0
[11/Jan/2016:22:45:39 +0000] conn=36386 op=22 SRCH
base="cn=accounts,dc=mydomain,dc=net" scope=2
filter="(&(uid=nobody)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[11/Jan/2016:22:45:39 +0000] conn=36386 op=22 RESULT err=0 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:39 +0000] conn=36386 op=23 SRCH
base="cn=accounts,dc=mydomain,dc=net" scope=2
filter="(&(uid=nobody)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[11/Jan/2016:22:45:39 +0000] conn=36386 op=23 RESULT err=0 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:39 +0000] conn=36386 op=24 SRCH
base="cn=accounts,dc=mydomain,dc=net" scope=2
filter="(&(uid=nobody)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[11/Jan/2016:22:45:39 +0000] conn=36386 op=24 RESULT err=0 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:39 +0000] conn=36497 fd=171 slot=171 connection from
10.21.25.13 to 10.178.0.99
[11/Jan/2016:22:45:39 +0000] conn=36497 op=0 SRCH base="" scope=0
filter="(objectClass=*)" attrs="* altServer namingContexts
supportedControl supportedExtension supportedFeatures supportedLDAPVersion
supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext
lastusn highestcommittedusn aci"
[11/Jan/2016:22:45:39 +0000] conn=36497 op=0 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:39 +0000] conn=6 op=236860 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/uwp2.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/uwp2.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:39 +0000] conn=6 op=236860 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:39 +0000] conn=6 op=236861 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:39 +0000] conn=6 op=236861 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:39 +0000] conn=6 op=236862 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:39 +0000] conn=6 op=236862 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:39 +0000] conn=6 op=236863 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:39 +0000] conn=6 op=236863 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:39 +0000] conn=6 op=236864 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/uwp2.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/uwp2.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:39 +0000] conn=6 op=236864 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:39 +0000] conn=6 op=236865 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:39 +0000] conn=6 op=236865 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:39 +0000] conn=6 op=236866 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:39 +0000] conn=6 op=236866 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:39 +0000] conn=6 op=236867 SRCH
base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[11/Jan/2016:22:45:39 +0000] conn=6 op=236867 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:39 +0000] conn=6 op=236868 SRCH
base="fqdn=uwp2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber
krbPrincipalName krbCanonicalName krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript
ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
[11/Jan/2016:22:45:39 +0000] conn=6 op=236868 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:39 +0000] conn=6 op=236869 SRCH
base="cn=uwp2.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net"
scope=0 filter="(objectClass=*)" attrs=ALL
[11/Jan/2016:22:45:39 +0000] conn=6 op=236869 RESULT err=32 tag=101
nentries=0 etime=0
[11/Jan/2016:22:45:39 +0000] conn=6 op=236870 MOD
dn="fqdn=uwp2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:39 +0000] conn=6 op=236870 RESULT err=0 tag=103
nentries=0 etime=0 csn=5694318c000400030000
[11/Jan/2016:22:45:39 +0000] conn=6 op=236871 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:39 +0000] conn=6 op=236871 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:39 +0000] conn=6 op=236872 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:39 +0000] conn=6 op=236872 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:39 +0000] conn=6 op=236873 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:39 +0000] conn=6 op=236873 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:39 +0000] conn=6 op=236874 SRCH
base="dc=mydomain,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/uwp2.mydomain.net at MYDOMAIN.NET))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory
krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[11/Jan/2016:22:45:39 +0000] conn=6 op=236874 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:39 +0000] conn=6 op=236875 SRCH
base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[11/Jan/2016:22:45:39 +0000] conn=6 op=236875 RESULT err=0 tag=101
nentries=1 etime=0
[11/Jan/2016:22:45:39 +0000] conn=36497 op=1 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:39 +0000] conn=36497 op=1 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[11/Jan/2016:22:45:39 +0000] conn=36497 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:40 +0000] conn=36497 op=2 RESULT err=14 tag=97
nentries=0 etime=1, SASL bind in progress
[11/Jan/2016:22:45:40 +0000] conn=36497 op=3 BIND dn="" method=sasl
version=3 mech=GSSAPI
[11/Jan/2016:22:45:40 +0000] conn=36497 op=3 RESULT err=0 tag=97
nentries=0 etime=0
dn="fqdn=uwp2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net"
[11/Jan/2016:22:45:40 +0000] conn=36497 op=4 SRCH
base="ou=SUDOers,dc=mydomain,dc=net" scope=2
filter="(&(&(objectClass=sudoRole)(entryusn>=11794370)(!(entryusn=11794370)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=uwp2.mydomain.net)(sudoHost=uwp2)(sudoHost=10.21.25.13)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:3667)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))"
attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs
sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder
entryusn"
[11/Jan/2016:22:45:40 +0000] conn=36497 op=4 RESULT err=0 tag=101
nentries=0 etime=0 notes=P pr_idx=0
More information about the Freeipa-users
mailing list