<div dir="ltr"><div><div><div><div><div># getcert list returns 9 request ID. All 9 are in status "MONITORING" and expire after 2017. </div>So no expired certificate. </div> Number of certificates and requests being tracked: 9. Request ID '20150313092422': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-BIOINF-LOCAL',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-BIOINF-LOCAL/pwdfile.txt' certificate: type=NSSDB,location='/etc/dirsrv/slapd-BIOINF-LOCAL',nickname='Server-Cert',token='NSS Certificate DB' CA: IPA issuer: CN=Certificate Authority,O=BIOINF.LOCAL subject: CN=lead.bioinf.local,O=BIOINF.LOCAL expires: 2017-03-13 09:24:21 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv BIOINF-LOCAL track: yes auto-renew: yes Request ID '20150313092456': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB' CA: IPA issuer: CN=Certificate Authority,O=BIOINF.LOCAL subject: CN=lead.bioinf.local,O=BIOINF.LOCAL expires: 2017-03-13 09:24:56 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: /usr/lib64/ipa/certmonger/restart_httpd track: yes auto-renew: yes Request ID '20150710083112': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='Server-Cert',token='NSS Certificate DB' certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='Server-Cert',token='NSS Certificate DB' CA: IPA issuer: CN=Certificate Authority,O=BIOINF.LOCAL subject: CN=lead.bioinf.local,O=BIOINF.LOCAL expires: 2017-07-10 08:31:16 UTC principal name: host/lead.bioinf.local@BIOINF.LOCAL key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: track: yes auto-renew: yes Request ID '20160106131740': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-ca-renew-agent issuer: CN=Certificate Authority,O=BIOINF.LOCAL subject: CN=CA Audit,O=BIOINF.LOCAL expires: 2017-03-02 09:24:01 UTC key usage: digitalSignature,nonRepudiation pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "auditSigningCert cert-pki-ca" track: yes auto-renew: yes Request ID '20160106131741': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-ca-renew-agent issuer: CN=Certificate Authority,O=BIOINF.LOCAL subject: CN=OCSP Subsystem,O=BIOINF.LOCAL expires: 2017-03-02 09:24:00 UTC key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign eku: id-kp-OCSPSigning pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "ocspSigningCert cert-pki-ca" track: yes auto-renew: yes Request ID '20160106131742': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-ca-renew-agent issuer: CN=Certificate Authority,O=BIOINF.LOCAL subject: CN=CA Subsystem,O=BIOINF.LOCAL expires: 2017-03-02 09:24:01 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "subsystemCert cert-pki-ca" track: yes auto-renew: yes Request ID '20160106131743': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-ca-renew-agent issuer: CN=Certificate Authority,O=BIOINF.LOCAL subject: CN=Certificate Authority,O=BIOINF.LOCAL expires: 2035-03-13 09:23:59 UTC key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "caSigningCert cert-pki-ca" track: yes auto-renew: yes Request ID '20160106131744': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB' CA: dogtag-ipa-ca-renew-agent issuer: CN=Certificate Authority,O=BIOINF.LOCAL subject: CN=IPA RA,O=BIOINF.LOCAL expires: 2017-03-02 09:24:16 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: /usr/lib64/ipa/certmonger/renew_ra_cert_pre post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert track: yes auto-renew: yes Request ID '20160106131745': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-renew-agent issuer: CN=Certificate Authority,O=BIOINF.LOCAL subject: CN=lead.bioinf.local,O=BIOINF.LOCAL expires: 2017-03-02 09:24:00 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "Server-Cert cert-pki-ca" track: yes auto-renew: yes Do you use IPA with externally signed CA cert? Are they valid? </div>I don't think (but I don't know how to check this to be sure ?) </div>Thx for your help ! </div>Seli </div><div class="gmail_extra"> <div class="gmail_quote">On Fri, Jun 3, 2016 at 1:15 PM, Petr Vobornik <<a href="mailto:pvoborni@redhat.com" target="_blank">pvoborni@redhat.com</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 06/03/2016 11:11 AM, seli irithyl wrote: > Sorry Martin, > I rebooted the IdM server: > [root@lead sssd]# ipactl status > Directory Service: RUNNING > krb5kdc Service: RUNNING > kadmin Service: RUNNING > ipa_memcached Service: RUNNING > httpd Service: RUNNING > pki-tomcatd Service: RUNNING > ipa-otpd Service: RUNNING > ipa: INFO: The ipactl command was successful > > I checked DNS and it is ok > > I can login from any host. > > Unfortunately when trying to run any ipa command: > [root@lead ~]# ipa service-find lead.bioinf.local > ipa: ERROR: cert validation failed for > "E=root@lead.bioinf.local,CN=lead.bioinf.local,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--" > ((SEC_ERROR_CA_CERT_INVALID) Issuer certificate is invalid.) > ipa: ERROR: cannot connect to '<a href="https://lead.bioinf.local/ipa/json" rel="noreferrer" target="_blank">https://lead.bioinf.local/ipa/json</a>': > (SEC_ERROR_CA_CERT_INVALID) Issuer certificate is invalid. > > Is anybody has an idea on where and what to check next ? > Thx, > > Seli > does # getcert list show any expired certificate? Do you use IPA with externally signed CA cert? Are they valid? > > > On Tue, May 31, 2016 at 8:33 AM, Martin Kosek <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> <div class="HOEnZb"><div class="h5">> <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>> wrote: > > Hello Seli, > > Please reply to mailing list directly so that others can benefit from the > thread as well. > > Thanks, > Martin > > On 05/30/2016 06:17 PM, seli irithyl wrote: > > Freeipa version : 4.2.0-15.0.1.el7.centos.6.1 > > FF: 45.1.1 > > Could this problem be related to mod_ssl and mod_nss for httpd ? > > Looking the logs, it seems there are lots of problems, here are some > parts that > > look strange to me (and are probably unrelated) : > > 1 sssd: > > 1.1 krb5_child.log > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]] > [unpack_buffer] > > (0x0100): cmd [249] uid [1713400053] gid [1713400053] validate [true] > enterprise > > principal [false] offline [false] UPN [koto@BIOINF.LOCAL] > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]] > [k5c_setup_fast] > > (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to > [host/lead.bioinf.local@BIOINF.LOCAL] > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]] > > [check_fast_ccache] (0x0200): FAST TGT is still valid. > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]] [become_user] > > (0x0200): Trying to become user [1713400053][1713400053]. > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]] > > [set_lifetime_options] (0x0100): SSSD_KRB5_RENEWABLE_LIFETIME is set to [7d] > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]] > > [set_lifetime_options] (0x0100): SSSD_KRB5_LIFETIME is set to [1d] > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]] > > [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true] > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]] > > [sss_krb5_prompter] (0x0020): Cannot handle password prompts. > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]] > [k5c_send_data] > > (0x0200): Received error code 0 > > 1.2 sssd_bioinf.local.log > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]] > > [check_ccache_files] (0x0200): Failed to check ccache file > > [KEYRING:persistent:1713400031]. > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]] > > [check_ccache_files] (0x0200): Failed to check ccache file > > [KEYRING:persistent:1713400053]. > > ... > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]] > > [check_and_export_options] (0x0100): No KDC explicitly configured, using > defaults. > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]] > > [check_and_export_options] (0x0100): No kpasswd server explicitly configured, > > using the KDC or defaults. > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]] > > [parse_krb5_map_user] (0x0200): Warning: krb5_map_user is empty! > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]] > > [load_backend_module] (0x0200): no module name found in confdb, using [ipa]. > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]] > > [common_parse_search_base] (0x0100): Search base added: > > [SUDO][ou=SUDOers,dc=bioinf,dc=local][SUBTREE][] > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]] > [check_ipv4_addr] > > (0x0200): Loopback IPv4 address 127.0.0.1 > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]] > [check_ipv6_addr] > > (0x0200): Loopback IPv6 address ::1 > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]] > > [load_backend_module] (0x0200): no module name found in confdb, using [ipa]. > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]] > > [common_parse_search_base] (0x0100): Search base added: > > [AUTOFS][cn=default,cn=automount,dc=bioinf,dc=local][SUBTREE][] > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]] > > [load_backend_module] (0x0200): no module name found in confdb, using [ipa]. > > ... > > (Mon May 30 17:16:11 2016) [sssd[be[bioinf.local]]] > > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse > domain SID > > from [(null)] > > (Mon May 30 17:16:11 2016) [sssd[be[bioinf.local]]] > > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse > domain SID > > from [(null)] > > (Mon May 30 17:16:11 2016) [sssd[be[bioinf.local]]] > > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse > domain SID > > from [(null)] > > ... > > (Mon May 30 17:16:11 2016) [sssd[be[bioinf.local]]] > > [sdap_process_group_send] (0x0040): No Members. Done! > > (Mon May 30 17:16:11 2016) [sssd[be[bioinf.local]]] > > [sdap_process_group_send] (0x0040): No Members. Done! > > (Mon May 30 17:16:11 2016) [sssd[be[bioinf.local]]] > > [sdap_process_group_send] (0x0040): No Members. Done! > > ... > > 1.3 sssd_nss.log > > (Mon May 30 17:18:07 2016) [sssd[nss]] [calc_flat_name] > (0x0080): Flat > > name requested but domain has noflat name set, falling back to domain name > > (Mon May 30 17:20:01 2016) [sssd[nss]] [sss_cmd_get_version] > (0x0200): > > Received client version [1]. > > (Mon May 30 17:20:01 2016) [sssd[nss]] [sss_cmd_get_version] > (0x0200): > > Offered version [1]. > > (Mon May 30 17:20:01 2016) [sssd[nss]] [sss_cmd_get_version] > (0x0200): > > Received client version [1]. > > (Mon May 30 17:20:01 2016) [sssd[nss]] [sss_cmd_get_version] > (0x0200): > > Offered version [1]. > > (Mon May 30 17:20:01 2016) [sssd[nss]] [sss_parse_name_for_domains] > > (0x0200): name 'root' matched without domain, user is root > > (Mon May 30 17:20:01 2016) [sssd[nss]] [nss_cmd_getbynam] (0x0100): > > Requesting info for [root] from [<ALL>] > > (Mon May 30 17:20:01 2016) [sssd[nss]] [nss_cmd_initgroups_search] > > (0x0080): No matching domain found for [root], fail! > > (Mon May 30 17:20:01 2016) [sssd[nss]] [sss_parse_name_for_domains] > > (0x0200): name 'root' matched without domain, user is root > > (Mon May 30 17:20:01 2016) [sssd[nss]] [nss_cmd_getbynam] (0x0100): > > Requesting info for [root] from [<ALL>] > > (Mon May 30 17:20:01 2016) [sssd[nss]] [nss_cmd_initgroups_search] > > (0x0080): No matching domain found for [root], fail! > > (Mon May 30 17:20:01 2016) [sssd[nss]] [client_recv] (0x0200): > Client > > disconnected! > > (Mon May 30 17:20:01 2016) [sssd[nss]] [client_recv] (0x0200): > Client > > disconnected! > > > > 2 pki : catalina.2016-05-30.log > > May 30, 2016 2:18:10 PM org.apache.coyote.AbstractProtocol init > > SEVERE: Failed to initialize end point associated with ProtocolHandler > > ["http-bio-8443"] > > java.net.BindException: Could not bind to address: (-5982) Local Network > > address is in use. <null>:8443 > > at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:411) > > at > > org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:640) > > at > org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) > > at > > > org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) > > at > org.apache.catalina.connector.Connector.initInternal(Connector.java:978) > > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) > > at > > > org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) > > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) > > at > > org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:813) > > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) > > at org.apache.catalina.startup.Catalina.load(Catalina.java:638) > > at org.apache.catalina.startup.Catalina.load(Catalina.java:663) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > > at > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:497) > > at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280) > > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454) > > Caused by: java.net.BindException: Could not bind to address: > (-5982) Local > > Network address is in use. > > at org.mozilla.jss.ssl.SocketBase.socketBind(Native Method) > > at > org.mozilla.jss.ssl.SSLServerSocket.<init>(SSLServerSocket.java:159) > > at > > > org.apache.tomcat.util.net.jss.JSSSocketFactory.createSocket(JSSSocketFactory.java:937) > > at > > > org.apache.tomcat.util.net.jss.JSSSocketFactory.createSocket(JSSSocketFactory.java:929) > > at > > > org.apache.tomcat.util.net.jss.JSSSocketFactory.createSocket(JSSSocketFactory.java:924) > > at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:398) > > ... 17 more > > May 30, 2016 2:18:10 PM org.apache.catalina.core.StandardService > initInternal > > SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]] > > org.apache.catalina.LifecycleException: Failed to initialize component > > [Connector[HTTP/1.1-8443]] > > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106) > > at > > > org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) > > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) > > at > > org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:813) > > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) > > at org.apache.catalina.startup.Catalina.load(Catalina.java:638) > > at org.apache.catalina.startup.Catalina.load(Catalina.java:663) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > > at > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:497) > > at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280) > > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454) > > Caused by: org.apache.catalina.LifecycleException: Protocol handler > > initialization failed > > at > org.apache.catalina.connector.Connector.initInternal(Connector.java:980) > > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) > > ... 12 more > > Caused by: java.net.BindException: Could not bind to address: > (-5982) Local > > Network address is in use. <null>:8443 > > at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:411) > > at > > org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:640) > > at > org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) > > at > > > org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) > > at > org.apache.catalina.connector.Connector.initInternal(Connector.java:978) > > ... 13 more > > Caused by: java.net.BindException: Could not bind to address: > (-5982) Local > > Network address is in use. > > at org.mozilla.jss.ssl.SocketBase.socketBind(Native Method) > > at > org.mozilla.jss.ssl.SSLServerSocket.<init>(SSLServerSocket.java:159) > > at > > > org.apache.tomcat.util.net.jss.JSSSocketFactory.createSocket(JSSSocketFactory.java:937) > > at > > > org.apache.tomcat.util.net.jss.JSSSocketFactory.createSocket(JSSSocketFactory.java:929) > > at > > > org.apache.tomcat.util.net.jss.JSSSocketFactory.createSocket(JSSSocketFactory.java:924) > > at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:398) > > ... 17 more > > > > 3. dirsrv > > [26/May/2016:12:14:10 +0200] - WARNING: userRoot: entry cache size > 512000B > > is less than db size 1163264B; We recommend to increase the entry cache size > > nsslapd-cachememsize. > > [26/May/2016:12:14:10 +0200] - WARNING: ipaca: entry cache size > 512000B is > > less than db size 1015808B; We recommend to increase the entry cache size > > nsslapd-cachememsize. > > [26/May/2016:12:14:10 +0200] - WARNING: changelog: entry cache size > 512000B > > is less than db size 10100736B; We recommend to increase the entry cache size > > nsslapd-cachememsize. > > [26/May/2016:12:14:10 +0200] schema-compat-plugin - scheduled > > schema-compat-plugin tree scan in about 5 seconds after the server startup! > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=dns,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=dns,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=keys,cn=sec,cn=dns,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=dns,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=dns,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=groups,cn=compat,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=computers,cn=compat,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=ng,cn=compat,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > ou=sudoers,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=users,cn=compat,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > > cn=ad,cn=etc,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > cn=casigningcert > > cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target > cn=casigningcert > > cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=bioinf,dc=local does not exist > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target cn=automember > > rebuild membership,cn=tasks,cn=config does not exist > > [26/May/2016:12:14:10 +0200] - Skipping CoS Definition cn=Password > > Policy,cn=accounts,dc=bioinf,dc=local--no CoS Templates found, which > should be > > added before the CoS Definition. > > [26/May/2016:12:14:10 +0200] schema-compat-plugin - schema-compat-plugin > > tree scan will start in about 5 seconds! > > [26/May/2016:12:14:10 +0200] - slapd started. Listening on All > Interfaces > > port 389 for LDAP requests > > [26/May/2016:12:14:10 +0200] - Listening on All Interfaces port 636 for > > LDAPS requests > > [26/May/2016:12:14:10 +0200] - Listening on > > /var/run/slapd-BIOINF-LOCAL.socket for LDAPI requests > > [26/May/2016:12:14:15 +0200] schema-compat-plugin - warning: no > entries set > > up under ou=sudoers,dc=bioinf,dc=local > > [26/May/2016:12:14:15 +0200] schema-compat-plugin - warning: no > entries set > > up under cn=ng, cn=compat,dc=bioinf,dc=local > > [26/May/2016:12:14:15 +0200] schema-compat-plugin - Finished plugin > > initialization. > > > > > > On Mon, May 30, 2016 at 4:46 PM, Martin Kosek <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> > <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>> </div></div><div class="HOEnZb"><div class="h5">> > <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a> <mailto:<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>>>> wrote: > > > > On 05/30/2016 04:36 PM, Martin Basti wrote: > > > > > > > > > On 30.05.2016 14:20, seli irithyl wrote: > > >> Hi, > > >> > > >> Since last update, I'am unable to log in to web ui with FF (e.g. > blank page) > > >> Any idea where too look for ? > > >> > > >> Best regards, > > >> > > >> Seli > > >> > > >> > > >> > > >> > > >> > > > Hello, > > > > > > can you provide version of the freeIPA, firefox. Does it work from > different > > > browser? does it work from private mode? > > > > + does [CTRL]+F5 helps? Do advise in > > <a href="http://www.freeipa.org/page/Troubleshooting#Web_UI" rel="noreferrer" target="_blank">http://www.freeipa.org/page/Troubleshooting#Web_UI</a> > > help? > > > > > > > > </div></div>-- Petr Vobornik </blockquote></div> </div>