Re: Add a picture to freeipa user
by Boudjoudad Abdelkader
Hello Alexander and thank you for the quick reply,
Our goal in adding a picture to FreeIPA authentication is to increase
security and to be able to access the user's picture when needed. I
don't know if we can do that with a binary file?
Thanks,
ipa-replica-install failed
by Keresztes Péter-Zoltán
Hello,
I would like to promote a FreeIPA client as a replica. I have executed ipa-client-install without any problem, but when I execute ipa-replica-install I get the following error:
WARNING: conflicting time&date synchronization service 'ntp' will
be disabled in favor of chronyd
Password for admin@REDCAPCLOUD.LOCAL:
Configuring directory server (dirsrv). Estimated time: 30 seconds
[1/41]: creating directory server instance
[2/41]: enabling ldapi
[3/41]: configure autobind for root
[4/41]: stopping directory server
[5/41]: updating configuration in dse.ldif
[6/41]: starting directory server
[7/41]: adding default schema
[8/41]: enabling memberof plugin
[9/41]: enabling winsync plugin
[10/41]: configuring replication version plugin
[11/41]: enabling IPA enrollment plugin
[12/41]: configuring uniqueness plugin
[13/41]: configuring uuid plugin
[14/41]: configuring modrdn plugin
[15/41]: configuring DNS plugin
[16/41]: enabling entryUSN plugin
[17/41]: configuring lockout plugin
[18/41]: configuring topology plugin
[19/41]: creating indices
[20/41]: enabling referential integrity plugin
[21/41]: configuring certmap.conf
[22/41]: configure new location for managed entries
[23/41]: configure dirsrv ccache
[24/41]: enabling SASL mapping fallback
[25/41]: restarting directory server
[26/41]: creating DS keytab
[27/41]: ignore time skew for initial replication
[28/41]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 5 seconds elapsed
Update succeeded
[29/41]: prevent time skew after initial replication
[30/41]: adding sasl mappings to the directory
[31/41]: updating schema
[32/41]: setting Auto Member configuration
[33/41]: enabling S4U2Proxy delegation
[error] NotFound: no such entry
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipapython.admintool: ERROR no such entry
ipapython.admintool: ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
The ipareplica-install.log looks like this:
2019-02-18T17:20:22Z DEBUG Logging to /var/log/ipareplica-install.log
2019-02-18T17:20:22Z DEBUG ipa-replica-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'skip_schema_check': False, 'no_ntp': False, 'setup_kra': False, 'ip_addresses': None, 'secondary_rid_base': None, 'netbios_name': None, 'mkhomedir': False, 'force_ntpd': False, 'http_cert_files': None, 'no_pkinit': False, 'principal': None, 'no_forwarders': False, 'add_sids': False, 'keytab': None, 'ssh_trust_dns': False, 'no_msdcs': False, 'domain_name': None, 'setup_adtrust': False, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': False, 'no_reverse': False, 'pkinit_cert_files': None, 'unattended': False, 'ntp_pool': None, 'skip_conncheck': True, 'auto_reverse': False, 'ntp_servers': None, 'auto_forwarders': False, 'no_host_dns': False, 'dirsrv_cert_name': None, 'no_ui_redirect': False, 'dirsrv_config_file': None, 'forwarders': None, 'verbose': False, 'setup_ca': False, 'servers': None, 'pkinit_cert_name': None, 'no_ssh': False, 'enable_compat': False, 'add_agents': False, 'realm_name': None, 'force_join': False, 'no_sshd': False, 'forward_policy': None, 'rid_base': None, 'quiet': False, 'setup_dns': False, 'host_name': None, 'log_file': None, 'reverse_zones': None, 'allow_zone_overlap': False}
2019-02-18T17:20:22Z DEBUG IPA version 4.6.90.pre1+git20180411
2019-02-18T17:20:22Z DEBUG Searching for an interface of IP address: ::1
2019-02-18T17:20:22Z DEBUG Testing local IP address: ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff (interface: lo)
2019-02-18T17:20:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-02-18T17:20:22Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2019-02-18T17:20:22Z DEBUG httpd is not configured
2019-02-18T17:20:22Z DEBUG kadmin is not configured
2019-02-18T17:20:22Z DEBUG dirsrv is not configured
2019-02-18T17:20:22Z DEBUG pki-tomcatd is not configured
2019-02-18T17:20:22Z DEBUG install is not configured
2019-02-18T17:20:22Z DEBUG krb5kdc is not configured
2019-02-18T17:20:22Z DEBUG named is not configured
2019-02-18T17:20:22Z DEBUG filestore is tracking no files
2019-02-18T17:20:22Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2019-02-18T17:20:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-02-18T17:20:22Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2019-02-18T17:20:22Z DEBUG importing all plugin modules in ipaserver.plugins...
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.aci
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.automember
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.automount
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.baseldap
2019-02-18T17:20:22Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.baseuser
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.batch
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.ca
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.caacl
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.cert
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.certmap
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.certprofile
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.config
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.delegation
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.dns
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.dnsserver
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.dogtag
2019-02-18T17:20:22Z DEBUG skipping plugin module ipaserver.plugins.dogtag: dogtag not selected as RA plugin
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.domainlevel
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.group
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.hbac
2019-02-18T17:20:22Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.hbacrule
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.hbactest
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.host
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.hostgroup
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.idrange
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.idviews
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.internal
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.join
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.ldap2
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.location
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.migration
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.misc
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.netgroup
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.otp
2019-02-18T17:20:22Z DEBUG ipaserver.plugins.otp is not a valid plugin module
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.otpconfig
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.otptoken
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.passwd
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.permission
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.ping
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.pkinit
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.privilege
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.rabase
2019-02-18T17:20:22Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.realmdomains
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.role
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.schema
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.selfservice
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.server
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.serverrole
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.serverroles
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.service
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.session
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.stageuser
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.sudo
2019-02-18T17:20:22Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.sudocmd
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.sudorule
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.topology
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.trust
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.user
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.vault
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.virtual
2019-02-18T17:20:22Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.whoami
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.plugins.xmlserver
2019-02-18T17:20:22Z DEBUG importing all plugin modules in ipaserver.install.plugins...
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.dns
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.update_services
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
2019-02-18T17:20:22Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
2019-02-18T17:20:24Z DEBUG Check if vmnvipa-1c.redcapcloud.local is a primary hostname for localhost
2019-02-18T17:20:24Z DEBUG Primary hostname for localhost: vmnvipa-1c.redcapcloud.local
2019-02-18T17:20:24Z DEBUG Search DNS for vmnvipa-1c.redcapcloud.local
2019-02-18T17:20:24Z DEBUG Check if vmnvipa-1c.redcapcloud.local is not a CNAME
2019-02-18T17:20:24Z DEBUG Check reverse address of 172.16.99.34
2019-02-18T17:20:24Z DEBUG Found reverse name: vmnvipa-1c.redcapcloud.local
2019-02-18T17:20:24Z DEBUG Check if vmfripa-1c.redcapcloud.local is a primary hostname for localhost
2019-02-18T17:20:24Z DEBUG Primary hostname for localhost: vmfripa-1c.redcapcloud.local
2019-02-18T17:20:24Z DEBUG Search DNS for vmfripa-1c.redcapcloud.local
2019-02-18T17:20:24Z DEBUG Check if vmfripa-1c.redcapcloud.local is not a CNAME
2019-02-18T17:20:24Z DEBUG Check reverse address of 172.17.0.4
2019-02-18T17:20:24Z DEBUG Found reverse name: vmfripa-1c.redcapcloud.local
2019-02-18T17:20:24Z DEBUG Initializing principal host/vmnvipa-1c.redcapcloud.local@REDCAPCLOUD.LOCAL using keytab /etc/krb5.keytab
2019-02-18T17:20:24Z DEBUG using ccache /tmp/krbccTTbbFD/ccache
2019-02-18T17:20:24Z DEBUG Attempt 1/1: success
2019-02-18T17:20:24Z DEBUG importing all plugin modules in ipaserver.plugins...
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.aci
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.automember
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.automount
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.baseldap
2019-02-18T17:20:24Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.baseuser
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.batch
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.ca
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.caacl
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.cert
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.certmap
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.certprofile
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.config
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.delegation
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.dns
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.dnsserver
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.dogtag
2019-02-18T17:20:24Z DEBUG skipping plugin module ipaserver.plugins.dogtag: dogtag not selected as RA plugin
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.domainlevel
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.group
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.hbac
2019-02-18T17:20:24Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.hbacrule
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.hbactest
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.host
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.hostgroup
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.idrange
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.idviews
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.internal
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.join
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.ldap2
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.location
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.migration
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.misc
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.netgroup
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.otp
2019-02-18T17:20:24Z DEBUG ipaserver.plugins.otp is not a valid plugin module
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.otpconfig
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.otptoken
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.passwd
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.permission
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.ping
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.pkinit
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.privilege
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.rabase
2019-02-18T17:20:24Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.realmdomains
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.role
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.schema
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.selfservice
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.server
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.serverrole
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.serverroles
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.service
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.session
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.stageuser
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.sudo
2019-02-18T17:20:24Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.sudocmd
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.sudorule
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.topology
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.trust
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.user
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.vault
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.virtual
2019-02-18T17:20:24Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.whoami
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.plugins.xmlserver
2019-02-18T17:20:24Z DEBUG importing all plugin modules in ipaserver.install.plugins...
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.dns
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.update_services
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
2019-02-18T17:20:24Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
2019-02-18T17:20:26Z DEBUG failed to find session_cookie in persistent storage for principal 'host/vmnvipa-1c.redcapcloud.local@REDCAPCLOUD.LOCAL'
2019-02-18T17:20:26Z INFO trying https://vmfripa-1c.redcapcloud.local/ipa/json
2019-02-18T17:20:26Z DEBUG Created connection context.jsonclient_140046045649168
2019-02-18T17:20:26Z INFO [try 1]: Forwarding 'env' to json server 'https://vmfripa-1c.redcapcloud.local/ipa/json'
2019-02-18T17:20:26Z DEBUG New HTTP connection (vmfripa-1c.redcapcloud.local)
2019-02-18T17:20:27Z DEBUG received Set-Cookie (<type 'list'>)'['ipa_session=b317bf10cd3dce2413ba7222b3abb93e; Domain=vmfripa-1c.redcapcloud.local; Path=/ipa; Expires=Mon, 18 Feb 2019 17:40:27 GMT; Secure; HttpOnly']'
2019-02-18T17:20:27Z DEBUG storing cookie 'ipa_session=b317bf10cd3dce2413ba7222b3abb93e;' for principal host/vmnvipa-1c.redcapcloud.local@REDCAPCLOUD.LOCAL
2019-02-18T17:20:27Z INFO [try 1]: Forwarding 'env' to json server 'https://vmfripa-1c.redcapcloud.local/ipa/json'
2019-02-18T17:20:27Z DEBUG HTTP connection keep-alive (vmfripa-1c.redcapcloud.local)
2019-02-18T17:20:27Z DEBUG received Set-Cookie (<type 'list'>)'['ipa_session=03cd0fb7bea45834fbfc81705854b7bf; Domain=vmfripa-1c.redcapcloud.local; Path=/ipa; Expires=Mon, 18 Feb 2019 17:40:27 GMT; Secure; HttpOnly']'
2019-02-18T17:20:27Z DEBUG storing cookie 'ipa_session=03cd0fb7bea45834fbfc81705854b7bf;' for principal host/vmnvipa-1c.redcapcloud.local@REDCAPCLOUD.LOCAL
2019-02-18T17:20:27Z DEBUG Destroyed connection context.jsonclient_140046045649168
2019-02-18T17:20:29Z DEBUG Created connection context.ldap2_140046055825552
2019-02-18T17:20:29Z DEBUG flushing ldaps://vmfripa-1c.redcapcloud.local from SchemaCache
2019-02-18T17:20:29Z DEBUG retrieving schema for SchemaCache url=ldaps://vmfripa-1c.redcapcloud.local conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f5f02d46f80>
2019-02-18T17:20:30Z DEBUG raw: domainlevel_get(version=u'2.229')
2019-02-18T17:20:30Z DEBUG domainlevel_get(version=u'2.229')
2019-02-18T17:20:30Z DEBUG raw: hostgroup_find(None, cn=u'ipaservers', version=u'2.229', host=[u'vmnvipa-1c.redcapcloud.local'])
2019-02-18T17:20:30Z DEBUG hostgroup_find(None, cn=u'ipaservers', all=False, raw=False, version=u'2.229', no_members=True, pkey_only=False, host=(u'vmnvipa-1c.redcapcloud.local',))
2019-02-18T17:20:30Z DEBUG KRB5CCNAME set to None
2019-02-18T17:20:30Z DEBUG Failed to find default ccache: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529639053): No Kerberos credentials available (default cache: KEYRING:persistent:0)
2019-02-18T17:20:40Z DEBUG Initializing principal admin@REDCAPCLOUD.LOCAL using password
2019-02-18T17:20:40Z DEBUG Starting external process
2019-02-18T17:20:40Z DEBUG args=['/usr/bin/kinit', u'admin@REDCAPCLOUD.LOCAL', '-c', '/tmp/tmpcskEjS']
2019-02-18T17:20:41Z DEBUG Process finished, return code=0
2019-02-18T17:20:41Z DEBUG stdout=Password for admin@REDCAPCLOUD.LOCAL:
2019-02-18T17:20:41Z DEBUG stderr=
2019-02-18T17:20:41Z DEBUG Destroyed connection context.ldap2_140046055825552
2019-02-18T17:20:43Z DEBUG Created connection context.ldap2_140046055825552
2019-02-18T17:20:43Z DEBUG raw: hostgroup_show(u'ipaservers', rights=True, all=True, version=u'2.229')
2019-02-18T17:20:43Z DEBUG hostgroup_show(u'ipaservers', rights=True, all=True, raw=False, version=u'2.229', no_members=False)
2019-02-18T17:20:43Z DEBUG flushing ldaps://vmfripa-1c.redcapcloud.local from SchemaCache
2019-02-18T17:20:43Z DEBUG retrieving schema for SchemaCache url=ldaps://vmfripa-1c.redcapcloud.local conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f5f02d46f80>
2019-02-18T17:20:44Z DEBUG Destroyed connection context.ldap2_140046055825552
2019-02-18T17:20:45Z DEBUG Created connection context.ldap2_140046055825552
2019-02-18T17:20:45Z DEBUG flushing ldaps://vmfripa-1c.redcapcloud.local from SchemaCache
2019-02-18T17:20:45Z DEBUG retrieving schema for SchemaCache url=ldaps://vmfripa-1c.redcapcloud.local conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f5f02d46f80>
2019-02-18T17:20:47Z DEBUG No IPA DNS servers, skipping forward/reverse resolution check
2019-02-18T17:20:47Z DEBUG Name vmnvipa-1c.redcapcloud.local resolved to set([UnsafeIPAddress('172.16.99.34')])
2019-02-18T17:20:47Z DEBUG Searching for an interface of IP address: 172.16.99.34
2019-02-18T17:20:47Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo)
2019-02-18T17:20:47Z DEBUG Testing local IP address: 172.16.99.34/255.255.255.0 (interface: ens5)
2019-02-18T17:20:47Z DEBUG Destroyed connection context.ldap2_140046055825552
2019-02-18T17:20:47Z DEBUG Created connection context.ldap2_140046055825552
2019-02-18T17:20:47Z DEBUG raw: hostgroup_add_member(u'ipaservers', version=u'2.229', host=[u'vmnvipa-1c.redcapcloud.local'])
2019-02-18T17:20:47Z DEBUG hostgroup_add_member(u'ipaservers', all=False, raw=False, version=u'2.229', no_members=False, host=(u'vmnvipa-1c.redcapcloud.local',))
2019-02-18T17:20:47Z DEBUG add_entry_to_group: dn=fqdn=vmnvipa-1c.redcapcloud.local,cn=computers,cn=accounts,dc=redcapcloud,dc=local group_dn=cn=ipaservers,cn=hostgroups,cn=accounts,dc=redcapcloud,dc=local member_attr=member
2019-02-18T17:20:49Z DEBUG flushing ldaps://vmfripa-1c.redcapcloud.local from SchemaCache
2019-02-18T17:20:49Z DEBUG retrieving schema for SchemaCache url=ldaps://vmfripa-1c.redcapcloud.local conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f5f01ba77a0>
2019-02-18T17:20:50Z DEBUG Destroyed connection context.ldap2_140046055825552
2019-02-18T17:20:50Z DEBUG Starting external process
2019-02-18T17:20:50Z DEBUG args=['/bin/systemctl', 'restart', 'certmonger.service']
2019-02-18T17:20:50Z DEBUG Process finished, return code=0
2019-02-18T17:20:50Z DEBUG stdout=
2019-02-18T17:20:50Z DEBUG stderr=
2019-02-18T17:20:50Z DEBUG Starting external process
2019-02-18T17:20:50Z DEBUG args=['/bin/systemctl', 'is-active', 'certmonger.service']
2019-02-18T17:20:50Z DEBUG Process finished, return code=0
2019-02-18T17:20:50Z DEBUG stdout=active
2019-02-18T17:20:50Z DEBUG stderr=
2019-02-18T17:20:50Z DEBUG Starting external process
2019-02-18T17:20:50Z DEBUG args=['/bin/systemctl', 'enable', 'certmonger.service']
2019-02-18T17:20:50Z DEBUG Process finished, return code=0
2019-02-18T17:20:50Z DEBUG stdout=
2019-02-18T17:20:50Z DEBUG stderr=Synchronizing state of certmonger.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable certmonger
2019-02-18T17:20:51Z DEBUG Created connection context.ldap2_140046055825552
2019-02-18T17:20:51Z DEBUG flushing ldaps://vmfripa-1c.redcapcloud.local from SchemaCache
2019-02-18T17:20:51Z DEBUG retrieving schema for SchemaCache url=ldaps://vmfripa-1c.redcapcloud.local conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f5f0326c518>
2019-02-18T17:20:52Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-02-18T17:20:52Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2019-02-18T17:20:52Z DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds
2019-02-18T17:20:52Z DEBUG [1/41]: creating directory server instance
2019-02-18T17:20:52Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-02-18T17:20:52Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2019-02-18T17:20:52Z DEBUG Backing up system configuration file '/etc/default/dirsrv'
2019-02-18T17:20:52Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2019-02-18T17:20:52Z DEBUG
dn: dc=redcapcloud,dc=local
objectClass: top
objectClass: domain
objectClass: pilotObject
dc: redcapcloud
info: IPA V2.0
2019-02-18T17:20:52Z DEBUG writing inf template
2019-02-18T17:20:52Z DEBUG
[General]
FullMachineName= vmnvipa-1c.redcapcloud.local
SuiteSpotUserID= dirsrv
SuiteSpotGroup= dirsrv
ServerRoot= /usr/lib/dirsrv
[slapd]
ServerPort= 389
ServerIdentifier= REDCAPCLOUD-LOCAL
Suffix= dc=redcapcloud,dc=local
RootDN= cn=Directory Manager
InstallLdifFile= /var/lib/dirsrv/boot.ldif
inst_dir= /var/lib/dirsrv/scripts-REDCAPCLOUD-LOCAL
2019-02-18T17:20:52Z DEBUG calling setup-ds.pl
2019-02-18T17:20:52Z DEBUG Starting external process
2019-02-18T17:20:52Z DEBUG args=['/usr/sbin/setup-ds', '--silent', '--logfile', '-', '-f', '/tmp/tmpWJzprF']
2019-02-18T17:21:00Z DEBUG Process finished, return code=0
2019-02-18T17:21:00Z DEBUG stdout=[19/02/18:17:21:00] - [Setup] Info Your new DS instance 'REDCAPCLOUD-LOCAL' was successfully created.
Your new DS instance 'REDCAPCLOUD-LOCAL' was successfully created.
[19/02/18:17:21:00] - [Setup] Success Exiting . . .
Log file is '-'
Exiting . . .
Log file is '-'
2019-02-18T17:21:00Z DEBUG stderr=
2019-02-18T17:21:00Z DEBUG completed creating DS instance
2019-02-18T17:21:00Z DEBUG step duration: dirsrv __create_instance 8.33 sec
2019-02-18T17:21:00Z DEBUG [2/41]: enabling ldapi
2019-02-18T17:21:00Z DEBUG Starting external process
2019-02-18T17:21:00Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpk_iFkN', '-H', 'ldap://localhost', '-x', '-D', 'cn=Directory Manager', '-y', '/tmp/tmpABcApc']
2019-02-18T17:21:00Z DEBUG Process finished, return code=0
2019-02-18T17:21:00Z DEBUG stdout=replace nsslapd-ldapilisten:
on
modifying entry "cn=config"
modify complete
2019-02-18T17:21:00Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base )
2019-02-18T17:21:00Z DEBUG step duration: dirsrv __enable_ldapi 0.04 sec
2019-02-18T17:21:00Z DEBUG [3/41]: configure autobind for root
2019-02-18T17:21:00Z DEBUG Starting external process
2019-02-18T17:21:00Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/root-autobind.ldif', '-H', 'ldap://localhost', '-x', '-D', 'cn=Directory Manager', '-y', '/tmp/tmpYxJR88']
2019-02-18T17:21:00Z DEBUG Process finished, return code=0
2019-02-18T17:21:00Z DEBUG stdout=add objectClass:
extensibleObject
top
add cn:
root-autobind
add uidNumber:
0
add gidNumber:
0
adding new entry "cn=root-autobind,cn=config"
modify complete
replace nsslapd-ldapiautobind:
on
modifying entry "cn=config"
modify complete
replace nsslapd-ldapimaptoentries:
on
modifying entry "cn=config"
modify complete
2019-02-18T17:21:00Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base )
2019-02-18T17:21:00Z DEBUG step duration: dirsrv __root_autobind 0.04 sec
2019-02-18T17:21:00Z DEBUG [4/41]: stopping directory server
2019-02-18T17:21:00Z DEBUG Starting external process
2019-02-18T17:21:00Z DEBUG args=['/bin/systemctl', 'stop', u'dirsrv@REDCAPCLOUD-LOCAL.service']
2019-02-18T17:21:03Z DEBUG Process finished, return code=0
2019-02-18T17:21:03Z DEBUG stdout=
2019-02-18T17:21:03Z DEBUG stderr=
2019-02-18T17:21:03Z DEBUG step duration: dirsrv __stop_instance 2.40 sec
2019-02-18T17:21:03Z DEBUG [5/41]: updating configuration in dse.ldif
2019-02-18T17:21:03Z DEBUG step duration: dirsrv __update_dse_ldif 0.05 sec
2019-02-18T17:21:03Z DEBUG [6/41]: starting directory server
2019-02-18T17:21:03Z DEBUG Starting external process
2019-02-18T17:21:03Z DEBUG args=['/bin/systemctl', 'start', u'dirsrv@REDCAPCLOUD-LOCAL.service']
2019-02-18T17:21:08Z DEBUG Process finished, return code=0
2019-02-18T17:21:08Z DEBUG stdout=
2019-02-18T17:21:08Z DEBUG stderr=
2019-02-18T17:21:08Z DEBUG Starting external process
2019-02-18T17:21:08Z DEBUG args=['/bin/systemctl', 'is-active', u'dirsrv@REDCAPCLOUD-LOCAL.service']
2019-02-18T17:21:08Z DEBUG Process finished, return code=0
2019-02-18T17:21:08Z DEBUG stdout=active
2019-02-18T17:21:08Z DEBUG stderr=
2019-02-18T17:21:08Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2019-02-18T17:21:08Z DEBUG waiting for port: 389
2019-02-18T17:21:08Z DEBUG SUCCESS: port: 389
2019-02-18T17:21:08Z DEBUG Created connection context.ldap2_140046070759824
2019-02-18T17:21:08Z DEBUG step duration: dirsrv __start_instance 5.30 sec
2019-02-18T17:21:08Z DEBUG [7/41]: adding default schema
2019-02-18T17:21:08Z DEBUG step duration: dirsrv __add_default_schemas 0.02 sec
2019-02-18T17:21:08Z DEBUG [8/41]: enabling memberof plugin
2019-02-18T17:21:08Z DEBUG Starting external process
2019-02-18T17:21:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/memberof-conf.ldif', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:08Z DEBUG Process finished, return code=0
2019-02-18T17:21:08Z DEBUG stdout=replace nsslapd-pluginenabled:
on
add memberofgroupattr:
memberUser
add memberofgroupattr:
memberHost
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:08Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:08Z DEBUG step duration: dirsrv __add_memberof_module 0.04 sec
2019-02-18T17:21:08Z DEBUG [9/41]: enabling winsync plugin
2019-02-18T17:21:08Z DEBUG Starting external process
2019-02-18T17:21:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ipa-winsync-conf.ldif', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:08Z DEBUG Process finished, return code=0
2019-02-18T17:21:08Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
ipa-winsync
add nsslapd-pluginpath:
libipa_winsync
add nsslapd-plugininitfunc:
ipa_winsync_plugin_init
add nsslapd-pluginDescription:
Allows IPA to work with the DS windows sync feature
add nsslapd-pluginid:
ipa-winsync
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat
add nsslapd-plugintype:
preoperation
add nsslapd-pluginenabled:
on
add nsslapd-plugin-depends-on-type:
database
add ipaWinSyncRealmFilter:
(objectclass=krbRealmContainer)
add ipaWinSyncRealmAttr:
cn
add ipaWinSyncNewEntryFilter:
(cn=ipaConfig)
add ipaWinSyncNewUserOCAttr:
ipauserobjectclasses
add ipaWinSyncUserFlatten:
true
add ipaWinsyncHomeDirAttr:
ipaHomesRootDir
add ipaWinsyncLoginShellAttr:
ipaDefaultLoginShell
add ipaWinSyncDefaultGroupAttr:
ipaDefaultPrimaryGroup
add ipaWinSyncDefaultGroupFilter:
(gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
add ipaWinSyncAcctDisable:
both
add ipaWinSyncForceSync:
true
add ipaWinSyncUserAttr:
uidNumber -1
gidNumber -1
adding new entry "cn=ipa-winsync,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:08Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:08Z DEBUG step duration: dirsrv __add_winsync_module 0.03 sec
2019-02-18T17:21:08Z DEBUG [10/41]: configuring replication version plugin
2019-02-18T17:21:08Z DEBUG Starting external process
2019-02-18T17:21:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/version-conf.ldif', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:08Z DEBUG Process finished, return code=0
2019-02-18T17:21:08Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA Version Replication
add nsslapd-pluginpath:
libipa_repl_version
add nsslapd-plugininitfunc:
repl_version_plugin_init
add nsslapd-plugintype:
preoperation
add nsslapd-pluginenabled:
off
add nsslapd-pluginid:
ipa_repl_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA Replication version plugin
add nsslapd-plugin-depends-on-type:
database
add nsslapd-plugin-depends-on-named:
Multimaster Replication Plugin
adding new entry "cn=IPA Version Replication,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:08Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:08Z DEBUG step duration: dirsrv __config_version_module 0.02 sec
2019-02-18T17:21:08Z DEBUG [11/41]: enabling IPA enrollment plugin
2019-02-18T17:21:08Z DEBUG Starting external process
2019-02-18T17:21:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpt43nhm', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:08Z DEBUG Process finished, return code=0
2019-02-18T17:21:08Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
ipa_enrollment_extop
add nsslapd-pluginpath:
libipa_enrollment_extop
add nsslapd-plugininitfunc:
ipaenrollment_init
add nsslapd-plugintype:
extendedop
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipa_enrollment_extop
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
RedHat
add nsslapd-plugindescription:
Enroll hosts into the IPA domain
add nsslapd-plugin-depends-on-type:
database
add nsslapd-realmTree:
dc=redcapcloud,dc=local
adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:08Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:08Z DEBUG step duration: dirsrv __add_enrollment_module 0.02 sec
2019-02-18T17:21:08Z DEBUG [12/41]: configuring uniqueness plugin
2019-02-18T17:21:08Z DEBUG Starting external process
2019-02-18T17:21:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpJb_hf9', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:08Z DEBUG Process finished, return code=0
2019-02-18T17:21:08Z DEBUG stdout=add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
krbPrincipalName uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
krbPrincipalName
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
add uniqueness-subtrees:
dc=redcapcloud,dc=local
add uniqueness-exclude-subtrees:
cn=staged users,cn=accounts,cn=provisioning,dc=redcapcloud,dc=local
add uniqueness-across-all-subtrees:
on
adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
krbCanonicalName uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
krbCanonicalName
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
add uniqueness-subtrees:
dc=redcapcloud,dc=local
add uniqueness-exclude-subtrees:
cn=staged users,cn=accounts,cn=provisioning,dc=redcapcloud,dc=local
add uniqueness-across-all-subtrees:
on
adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
netgroup uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
cn
add uniqueness-subtrees:
cn=ng,cn=alt,dc=redcapcloud,dc=local
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
ipaUniqueID uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
ipaUniqueID
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
add uniqueness-subtrees:
dc=redcapcloud,dc=local
add uniqueness-exclude-subtrees:
cn=staged users,cn=accounts,cn=provisioning,dc=redcapcloud,dc=local
add uniqueness-across-all-subtrees:
on
adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
sudorule name uniqueness
add nsslapd-pluginDescription:
Enforce unique attribute values
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
cn
add uniqueness-subtrees:
cn=sudorules,cn=sudo,dc=redcapcloud,dc=local
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:08Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:08Z DEBUG step duration: dirsrv __set_unique_attrs 0.06 sec
2019-02-18T17:21:08Z DEBUG [13/41]: configuring uuid plugin
2019-02-18T17:21:08Z DEBUG Starting external process
2019-02-18T17:21:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/uuid-conf.ldif', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:08Z DEBUG Process finished, return code=0
2019-02-18T17:21:08Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA UUID
add nsslapd-pluginpath:
libipa_uuid
add nsslapd-plugininitfunc:
ipauuid_init
add nsslapd-plugintype:
preoperation
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipauuid_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA UUID plugin
add nsslapd-plugin-depends-on-type:
database
adding new entry "cn=IPA UUID,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:08Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:08Z DEBUG Starting external process
2019-02-18T17:21:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpEvFqiX', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:08Z DEBUG Process finished, return code=0
2019-02-18T17:21:08Z DEBUG stdout=add objectclass:
top
extensibleObject
add cn:
IPA Unique IDs
add ipaUuidAttr:
ipaUniqueID
add ipaUuidMagicRegen:
autogenerate
add ipaUuidFilter:
(|(objectclass=ipaObject)(objectclass=ipaAssociation))
add ipaUuidScope:
dc=redcapcloud,dc=local
add ipaUuidEnforce:
TRUE
adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete
add objectclass:
top
extensibleObject
add cn:
IPK11 Unique IDs
add ipaUuidAttr:
ipk11UniqueID
add ipaUuidMagicRegen:
autogenerate
add ipaUuidFilter:
(objectclass=ipk11Object)
add ipaUuidScope:
dc=redcapcloud,dc=local
add ipaUuidEnforce:
FALSE
adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:08Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:08Z DEBUG step duration: dirsrv __config_uuid_module 0.05 sec
2019-02-18T17:21:08Z DEBUG [14/41]: configuring modrdn plugin
2019-02-18T17:21:08Z DEBUG Starting external process
2019-02-18T17:21:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/modrdn-conf.ldif', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:08Z DEBUG Process finished, return code=0
2019-02-18T17:21:08Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA MODRDN
add nsslapd-pluginpath:
libipa_modrdn
add nsslapd-plugininitfunc:
ipamodrdn_init
add nsslapd-plugintype:
betxnpostoperation
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipamodrdn_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA MODRDN plugin
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginPrecedence:
60
adding new entry "cn=IPA MODRDN,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:08Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:08Z DEBUG Starting external process
2019-02-18T17:21:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpLsRRTw', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:08Z DEBUG Process finished, return code=0
2019-02-18T17:21:08Z DEBUG stdout=add objectclass:
top
extensibleObject
add cn:
Kerberos Principal Name
add ipaModRDNsourceAttr:
uid
add ipaModRDNtargetAttr:
krbPrincipalName
add ipaModRDNsuffix:
@REDCAPCLOUD.LOCAL
add ipaModRDNfilter:
(&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
add ipaModRDNscope:
dc=redcapcloud,dc=local
adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config"
modify complete
add objectclass:
top
extensibleObject
add cn:
Kerberos Canonical Name
add ipaModRDNsourceAttr:
uid
add ipaModRDNtargetAttr:
krbCanonicalName
add ipaModRDNsuffix:
@REDCAPCLOUD.LOCAL
add ipaModRDNfilter:
(&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
add ipaModRDNscope:
dc=redcapcloud,dc=local
adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:08Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:08Z DEBUG step duration: dirsrv __config_modrdn_module 0.05 sec
2019-02-18T17:21:08Z DEBUG [15/41]: configuring DNS plugin
2019-02-18T17:21:08Z DEBUG Starting external process
2019-02-18T17:21:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ipa-dns-conf.ldif', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:08Z DEBUG Process finished, return code=0
2019-02-18T17:21:08Z DEBUG stdout=add objectclass:
top
nsslapdPlugin
extensibleObject
add cn:
IPA DNS
add nsslapd-plugindescription:
IPA DNS support plugin
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipa_dns
add nsslapd-plugininitfunc:
ipadns_init
add nsslapd-pluginpath:
libipa_dns.so
add nsslapd-plugintype:
preoperation
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-pluginversion:
1.0
add nsslapd-plugin-depends-on-type:
database
adding new entry "cn=IPA DNS,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:08Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:08Z DEBUG step duration: dirsrv __config_dns_module 0.03 sec
2019-02-18T17:21:08Z DEBUG [16/41]: enabling entryUSN plugin
2019-02-18T17:21:08Z DEBUG Starting external process
2019-02-18T17:21:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/entryusn.ldif', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:08Z DEBUG Process finished, return code=0
2019-02-18T17:21:08Z DEBUG stdout=replace nsslapd-entryusn-global:
on
modifying entry "cn=config"
modify complete
replace nsslapd-entryusn-import-initval:
next
modifying entry "cn=config"
modify complete
replace nsslapd-pluginenabled:
on
modifying entry "cn=USN,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:08Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:08Z DEBUG step duration: dirsrv __enable_entryusn 0.05 sec
2019-02-18T17:21:08Z DEBUG [17/41]: configuring lockout plugin
2019-02-18T17:21:08Z DEBUG Starting external process
2019-02-18T17:21:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/lockout-conf.ldif', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:08Z DEBUG Process finished, return code=0
2019-02-18T17:21:08Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA Lockout
add nsslapd-pluginpath:
libipa_lockout
add nsslapd-plugininitfunc:
ipalockout_init
add nsslapd-plugintype:
object
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipalockout_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA Lockout plugin
add nsslapd-plugin-depends-on-type:
database
adding new entry "cn=IPA Lockout,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:08Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:08Z DEBUG step duration: dirsrv __config_lockout_module 0.02 sec
2019-02-18T17:21:08Z DEBUG [18/41]: configuring topology plugin
2019-02-18T17:21:08Z DEBUG Starting external process
2019-02-18T17:21:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpbiTtV7', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:08Z DEBUG Process finished, return code=0
2019-02-18T17:21:08Z DEBUG stdout=add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA Topology Configuration
add nsslapd-pluginPath:
libtopology
add nsslapd-pluginInitfunc:
ipa_topo_init
add nsslapd-pluginType:
object
add nsslapd-pluginEnabled:
on
add nsslapd-topo-plugin-shared-config-base:
cn=ipa,cn=etc,dc=redcapcloud,dc=local
add nsslapd-topo-plugin-shared-replica-root:
dc=redcapcloud,dc=local
o=ipaca
add nsslapd-topo-plugin-shared-binddngroup:
cn=replication managers,cn=sysaccounts,cn=etc,dc=redcapcloud,dc=local
add nsslapd-topo-plugin-startup-delay:
20
add nsslapd-pluginId:
none
add nsslapd-plugin-depends-on-named:
ldbm database
Multimaster Replication Plugin
add nsslapd-pluginVersion:
1.0
add nsslapd-pluginVendor:
none
add nsslapd-pluginDescription:
none
adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:08Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:08Z DEBUG step duration: dirsrv __config_topology_module 0.02 sec
2019-02-18T17:21:08Z DEBUG [19/41]: creating indices
2019-02-18T17:21:08Z DEBUG Starting external process
2019-02-18T17:21:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/indices.ldif', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:09Z DEBUG Process finished, return code=0
2019-02-18T17:21:09Z DEBUG stdout=add objectClass:
top
nsIndex
add cn:
krbPrincipalName
add nsSystemIndex:
false
add nsIndexType:
eq
sub
add nsMatchingRule:
caseIgnoreIA5Match
caseExactIA5Match
adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
ou
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
carLicense
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
title
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
manager
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
secretary
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
displayname
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add nsIndexType:
sub
modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
uidnumber
add nsSystemIndex:
false
add nsIndexType:
eq
add nsMatchingRule:
integerOrderingMatch
adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
gidnumber
add nsSystemIndex:
false
add nsIndexType:
eq
add nsMatchingRule:
integerOrderingMatch
adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
replace nsIndexType:
eq
pres
modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
replace nsIndexType:
eq
pres
modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add ObjectClass:
top
nsIndex
add cn:
fqdn
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add ObjectClass:
top
nsIndex
add cn:
macAddress
add nsSystemIndex:
false
add nsIndexType:
eq
pres
adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
memberHost
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
memberUser
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
sourcehost
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
memberservice
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
managedby
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
memberallowcmd
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
memberdenycmd
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
ipasudorunas
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
ipasudorunasgroup
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
automountkey
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
ipakrbprincipalalias
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
ipauniqueid
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
ipaMemberCa
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
ipaMemberCertProfile
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
userCertificate
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
ipalocation
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
krbCanonicalName
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
serverhostname
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
description
add objectClass:
top
nsindex
add nssystemindex:
false
add nsindextype:
eq
sub
adding new entry "cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
l
add objectClass:
top
nsindex
add nssystemindex:
false
add nsindextype:
eq
sub
adding new entry "cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
nsOsVersion
add objectClass:
top
nsindex
add nssystemindex:
false
add nsindextype:
eq
sub
adding new entry "cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
nsHardwarePlatform
add objectClass:
top
nsindex
add nssystemindex:
false
add nsindextype:
eq
sub
adding new entry "cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
nsHostLocation
add objectClass:
top
nsindex
add nssystemindex:
false
add nsindextype:
eq
sub
adding new entry "cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:09Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:09Z DEBUG step duration: dirsrv __create_indices 0.15 sec
2019-02-18T17:21:09Z DEBUG [20/41]: enabling referential integrity plugin
2019-02-18T17:21:09Z DEBUG Starting external process
2019-02-18T17:21:09Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/referint-conf.ldif', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:09Z DEBUG Process finished, return code=0
2019-02-18T17:21:09Z DEBUG stdout=replace nsslapd-pluginenabled:
on
modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:09Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:09Z DEBUG step duration: dirsrv __add_referint_module 0.04 sec
2019-02-18T17:21:09Z DEBUG [21/41]: configuring certmap.conf
2019-02-18T17:21:09Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2019-02-18T17:21:09Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2019-02-18T17:21:09Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
2019-02-18T17:21:09Z DEBUG step duration: dirsrv __certmap_conf 0.00 sec
2019-02-18T17:21:09Z DEBUG [22/41]: configure new location for managed entries
2019-02-18T17:21:09Z DEBUG Starting external process
2019-02-18T17:21:09Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpUaJnBA', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:09Z DEBUG Process finished, return code=0
2019-02-18T17:21:09Z DEBUG stdout=add nsslapd-pluginConfigArea:
cn=Definitions,cn=Managed Entries,cn=etc,dc=redcapcloud,dc=local
modifying entry "cn=Managed Entries,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:09Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:09Z DEBUG step duration: dirsrv __repoint_managed_entries 0.02 sec
2019-02-18T17:21:09Z DEBUG [23/41]: configure dirsrv ccache
2019-02-18T17:21:09Z DEBUG Backing up system configuration file '/etc/default/dirsrv'
2019-02-18T17:21:09Z DEBUG -> Not backing up - already have a copy of '/etc/default/dirsrv'
2019-02-18T17:21:09Z DEBUG step duration: dirsrv configure_dirsrv_ccache 0.00 sec
2019-02-18T17:21:09Z DEBUG [24/41]: enabling SASL mapping fallback
2019-02-18T17:21:09Z DEBUG Starting external process
2019-02-18T17:21:09Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpWdqdpy', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:09Z DEBUG Process finished, return code=0
2019-02-18T17:21:09Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback:
on
modifying entry "cn=config"
modify complete
2019-02-18T17:21:09Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:09Z DEBUG step duration: dirsrv __enable_sasl_mapping_fallback 0.03 sec
2019-02-18T17:21:09Z DEBUG [25/41]: restarting directory server
2019-02-18T17:21:09Z DEBUG Destroyed connection context.ldap2_140046070759824
2019-02-18T17:21:09Z DEBUG Starting external process
2019-02-18T17:21:09Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload']
2019-02-18T17:21:09Z DEBUG Process finished, return code=0
2019-02-18T17:21:09Z DEBUG stdout=
2019-02-18T17:21:09Z DEBUG stderr=
2019-02-18T17:21:09Z DEBUG Starting external process
2019-02-18T17:21:09Z DEBUG args=['/bin/systemctl', 'restart', u'dirsrv(a)REDCAPCLOUD-LOCAL.service']
2019-02-18T17:21:16Z DEBUG Process finished, return code=0
2019-02-18T17:21:16Z DEBUG stdout=
2019-02-18T17:21:16Z DEBUG stderr=
2019-02-18T17:21:16Z DEBUG Starting external process
2019-02-18T17:21:16Z DEBUG args=['/bin/systemctl', 'is-active', u'dirsrv(a)REDCAPCLOUD-LOCAL.service']
2019-02-18T17:21:16Z DEBUG Process finished, return code=0
2019-02-18T17:21:16Z DEBUG stdout=active
2019-02-18T17:21:16Z DEBUG stderr=
2019-02-18T17:21:16Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2019-02-18T17:21:16Z DEBUG waiting for port: 389
2019-02-18T17:21:16Z DEBUG SUCCESS: port: 389
2019-02-18T17:21:16Z DEBUG Starting external process
2019-02-18T17:21:16Z DEBUG args=['/bin/systemctl', 'is-active', u'dirsrv(a)REDCAPCLOUD-LOCAL.service']
2019-02-18T17:21:16Z DEBUG Process finished, return code=0
2019-02-18T17:21:16Z DEBUG stdout=active
2019-02-18T17:21:16Z DEBUG stderr=
2019-02-18T17:21:16Z DEBUG Created connection context.ldap2_140046070759824
2019-02-18T17:21:16Z DEBUG step duration: dirsrv __restart_instance 6.97 sec
2019-02-18T17:21:16Z DEBUG [26/41]: creating DS keytab
2019-02-18T17:21:16Z DEBUG raw: service_add(u'ldap/vmnvipa-1c.redcapcloud.local(a)REDCAPCLOUD.LOCAL', force=True, version=u'2.229')
2019-02-18T17:21:16Z DEBUG service_add(ipapython.kerberos.Principal('ldap/vmnvipa-1c.redcapcloud.local(a)REDCAPCLOUD.LOCAL'), force=True, all=False, raw=False, version=u'2.229', no_members=False)
2019-02-18T17:21:16Z DEBUG raw: host_show(u'vmnvipa-1c.redcapcloud.local', version=u'2.229')
2019-02-18T17:21:16Z DEBUG host_show(u'vmnvipa-1c.redcapcloud.local', rights=False, all=False, raw=False, version=u'2.229', no_members=False)
2019-02-18T17:21:16Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab'
2019-02-18T17:21:16Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist
2019-02-18T17:21:16Z DEBUG Starting external process
2019-02-18T17:21:16Z DEBUG args=['/usr/sbin/ipa-getkeytab', '-k', '/etc/dirsrv/ds.keytab', '-p', u'ldap/vmnvipa-1c.redcapcloud.local(a)REDCAPCLOUD.LOCAL', '-H', u'ldaps://vmfripa-1c.redcapcloud.local']
2019-02-18T17:21:19Z DEBUG Process finished, return code=0
2019-02-18T17:21:19Z DEBUG stdout=
2019-02-18T17:21:19Z DEBUG stderr=Failed to parse result: Failed to decode GetKeytab Control.
Retrying with pre-4.0 keytab retrieval method...
Failed to retrieve encryption type Camellia-128 CTS mode with CMAC (#25)
Failed to retrieve encryption type Camellia-256 CTS mode with CMAC (#26)
Keytab successfully retrieved and stored in: /etc/dirsrv/ds.keytab
2019-02-18T17:21:19Z DEBUG step duration: dirsrv request_service_keytab 3.75 sec
2019-02-18T17:21:19Z DEBUG [27/41]: ignore time skew for initial replication
2019-02-18T17:21:19Z DEBUG Starting external process
2019-02-18T17:21:19Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpTboe3X', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:19Z DEBUG Process finished, return code=0
2019-02-18T17:21:19Z DEBUG stdout=replace nsslapd-ignore-time-skew:
on
modifying entry "cn=config"
modify complete
2019-02-18T17:21:19Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:19Z DEBUG step duration: dirsrv __replica_ignore_initial_time_skew 0.03 sec
2019-02-18T17:21:19Z DEBUG [28/41]: setting up initial replication
2019-02-18T17:21:19Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-REDCAPCLOUD-LOCAL.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f5f02d027a0>
2019-02-18T17:21:19Z DEBUG Destroyed connection context.ldap2_140046070759824
2019-02-18T17:21:19Z DEBUG Starting external process
2019-02-18T17:21:19Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload']
2019-02-18T17:21:20Z DEBUG Process finished, return code=0
2019-02-18T17:21:20Z DEBUG stdout=
2019-02-18T17:21:20Z DEBUG stderr=
2019-02-18T17:21:20Z DEBUG Starting external process
2019-02-18T17:21:20Z DEBUG args=['/bin/systemctl', 'restart', u'dirsrv(a)REDCAPCLOUD-LOCAL.service']
2019-02-18T17:21:25Z DEBUG Process finished, return code=0
2019-02-18T17:21:25Z DEBUG stdout=
2019-02-18T17:21:25Z DEBUG stderr=
2019-02-18T17:21:25Z DEBUG Created connection context.ldap2_140046070759824
2019-02-18T17:21:26Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
2019-02-18T17:21:27Z DEBUG retrieving schema for SchemaCache url=ldap://vmfripa-1c.redcapcloud.local:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f5f025155a8>
2019-02-18T17:21:27Z DEBUG Successfully updated nsDS5ReplicaId.
2019-02-18T17:21:35Z DEBUG step duration: dirsrv __setup_replica 15.99 sec
2019-02-18T17:21:35Z DEBUG [29/41]: prevent time skew after initial replication
2019-02-18T17:21:35Z DEBUG Starting external process
2019-02-18T17:21:35Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpLhn4v_', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:35Z DEBUG Process finished, return code=0
2019-02-18T17:21:35Z DEBUG stdout=replace nsslapd-ignore-time-skew:
off
modifying entry "cn=config"
modify complete
2019-02-18T17:21:35Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:35Z DEBUG step duration: dirsrv replica_manage_time_skew 0.02 sec
2019-02-18T17:21:35Z DEBUG [30/41]: adding sasl mappings to the directory
2019-02-18T17:21:35Z DEBUG flushing ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket from SchemaCache
2019-02-18T17:21:35Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f5f02d46ef0>
2019-02-18T17:21:36Z DEBUG step duration: dirsrv __configure_sasl_mappings 0.18 sec
2019-02-18T17:21:36Z DEBUG [31/41]: updating schema
2019-02-18T17:21:36Z DEBUG Starting external process
2019-02-18T17:21:36Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/schema-update.ldif', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:36Z DEBUG Process finished, return code=0
2019-02-18T17:21:36Z DEBUG stdout=add objectClasses:
( 2.16.840.1.113730.3.2.41 NAME 'nsslapdPlugin' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsslapd-pluginPath $ nsslapd-pluginInitFunc $ nsslapd-pluginType $ nsslapd-pluginId $ nsslapd-pluginVersion $ nsslapd-pluginVendor $ nsslapd-pluginDescription $ nsslapd-pluginEnabled ) MAY ( nsslapd-pluginConfigArea $ nsslapd-plugin-depends-on-type ) X-ORIGIN 'Netscape Directory Server' )
( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) MAY ( nsSaslMapPriority ) X-ORIGIN 'Netscape Directory Server' )
modifying entry "cn=schema"
modify complete
2019-02-18T17:21:36Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:36Z DEBUG step duration: dirsrv __update_schema 0.22 sec
2019-02-18T17:21:36Z DEBUG [32/41]: setting Auto Member configuration
2019-02-18T17:21:36Z DEBUG Starting external process
2019-02-18T17:21:36Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpeR1Hna', '-H', u'ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket', '-Y', 'EXTERNAL']
2019-02-18T17:21:36Z DEBUG Process finished, return code=0
2019-02-18T17:21:36Z DEBUG stdout=add nsslapd-pluginConfigArea:
cn=automember,cn=etc,dc=redcapcloud,dc=local
modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:36Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-REDCAPCLOUD-LOCAL.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-02-18T17:21:36Z DEBUG step duration: dirsrv __add_replica_automember_config 0.02 sec
2019-02-18T17:21:36Z DEBUG [33/41]: enabling S4U2Proxy delegation
2019-02-18T17:21:36Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 555, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 541, in run_step
method()
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", line 983, in __setup_s4u2proxy
__add_principal('ipa-http-delegation', 'HTTP', self)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", line 976, in __add_principal
entry = api.Backend.ldap2.get_entry(dn, ['memberPrincipal'])
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1549, in get_entry
size_limit=size_limit, get_effective_rights=get_effective_rights,
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1361, in get_entries
**kwargs)
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1499, in find_entries
break
File "/usr/lib/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1017, in error_handler
raise errors.NotFound(reason=arg_desc or 'no such entry')
NotFound: no such entry
2019-02-18T17:21:36Z DEBUG [error] NotFound: no such entry
2019-02-18T17:21:36Z DEBUG Destroyed connection context.ldap2_140046055825552
2019-02-18T17:21:36Z DEBUG Backing up system configuration file '/etc/ipa/default.conf'
2019-02-18T17:21:36Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2019-02-18T17:21:36Z DEBUG Writing configuration file /etc/ipa/default.conf
2019-02-18T17:21:36Z DEBUG [global]
basedn = dc=redcapcloud,dc=local
host = vmnvipa-1c.redcapcloud.local
realm = REDCAPCLOUD.LOCAL
domain = redcapcloud.local
xmlrpc_uri = https://vmnvipa-1c.redcapcloud.local/ipa/xml
ldap_uri = ldapi://%2fvar%2frun%2fslapd-REDCAPCLOUD-LOCAL.socket
mode = production
enable_ra = True
ra_plugin = dogtag
dogtag_version = 10
ca_host = vmfripa-1c.redcapcloud.local
2019-02-18T17:21:36Z DEBUG File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 174, in execute
return_value = self.run()
File "/usr/lib/python2.7/dist-packages/ipapython/install/cli.py", line 319, in run
return cfgr.run()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 364, in run
return self.execute()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 389, in execute
for rval in self._executor():
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 434, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 424, in __runner
step()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 421, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 658, in _configure
next(executor)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 434, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 521, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 518, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 424, in __runner
step()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 421, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/dist-packages/ipapython/install/common.py", line 65, in _install
for unused in self._installer(self.parent):
File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/__init__.py", line 620, in main
replica_install(self)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py", line 402, in decorated
func(installer)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py", line 1421, in install
pkcs12_info=dirsrv_pkcs12_info)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py", line 111, in install_replica_ds
setup_pkinit=not options.no_pkinit,
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", line 419, in create_replica
self.start_creation(runtime=30)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 555, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 541, in run_step
method()
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", line 983, in __setup_s4u2proxy
__add_principal('ipa-http-delegation', 'HTTP', self)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", line 976, in __add_principal
entry = api.Backend.ldap2.get_entry(dn, ['memberPrincipal'])
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1549, in get_entry
size_limit=size_limit, get_effective_rights=get_effective_rights,
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1361, in get_entries
**kwargs)
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1499, in find_entries
break
File "/usr/lib/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1017, in error_handler
raise errors.NotFound(reason=arg_desc or 'no such entry')
2019-02-18T17:21:36Z DEBUG The ipa-replica-install command failed, exception: NotFound: no such entry
2019-02-18T17:21:36Z ERROR no such entry
2019-02-18T17:21:36Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
Any idea how to fix the issue so that I can register this node as a replica of the existing IPA cluster?
Regards and Thanks in advance.
Peter
5 years, 3 months
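A triage helper for the log format quoted in the post above, added here as an example (it is not part of the original post or of FreeIPA). It groups continuation lines under their timestamped record, treats a step as finished only when a `step duration:` record follows it, and reports the step left open together with the deepest installer frame of its traceback. The function names and the shortened sample log are assumptions made for this example.

```python
import re

# Constructed sample: a shortened copy of log lines quoted in the post above.
SAMPLE_LOG = """\
2019-02-18T17:21:36Z DEBUG [32/41]: setting Auto Member configuration
2019-02-18T17:21:36Z DEBUG Process finished, return code=0
2019-02-18T17:21:36Z DEBUG stdout=add nsslapd-pluginConfigArea:
cn=automember,cn=etc,dc=redcapcloud,dc=local
modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config"
modify complete
2019-02-18T17:21:36Z DEBUG step duration: dirsrv __add_replica_automember_config 0.02 sec
2019-02-18T17:21:36Z DEBUG [33/41]: enabling S4U2Proxy delegation
2019-02-18T17:21:36Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", line 983, in __setup_s4u2proxy
__add_principal('ipa-http-delegation', 'HTTP', self)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", line 976, in __add_principal
entry = api.Backend.ldap2.get_entry(dn, ['memberPrincipal'])
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1017, in error_handler
raise errors.NotFound(reason=arg_desc or 'no such entry')
NotFound: no such entry
2019-02-18T17:21:36Z DEBUG [error] NotFound: no such entry
2019-02-18T17:21:36Z ERROR no such entry
"""

RECORD = re.compile(
    r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) (DEBUG|INFO|WARNING|ERROR|CRITICAL) (.*)$")
STEP = re.compile(r"^\[(\d+)/(\d+)\]: (.*)$")
FRAME = re.compile(r'^\s*File "([^"]+)", line (\d+), in (\S+)')


def parse_records(text):
    """Group each timestamped line with the untimestamped lines that follow it."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append({"ts": m.group(1), "level": m.group(2),
                            "lines": [m.group(3)]})
        elif records:
            records[-1]["lines"].append(line)
    return records


def parse_frames(lines):
    """Turn the body of a traceback record into a list of frames."""
    frames = []
    for i, line in enumerate(lines):
        m = FRAME.match(line)
        if not m:
            continue
        # The last line of the body is the exception, never a frame's source line.
        has_code = i + 1 < len(lines) - 1 and not FRAME.match(lines[i + 1])
        frames.append({"file": m.group(1), "line": int(m.group(2)),
                       "func": m.group(3),
                       "code": lines[i + 1].strip() if has_code else ""})
    return frames


def find_failed_step(text):
    """Return the step that started but never logged 'step duration:', or None."""
    current = None
    for rec in parse_records(text):
        head, rest = rec["lines"][0], rec["lines"][1:]
        step = STEP.match(head)
        if step:
            current = {"index": int(step.group(1)), "total": int(step.group(2)),
                       "name": step.group(3), "started": rec["ts"],
                       "exception": None, "frames": []}
        elif head.startswith("step duration:"):
            current = None  # the step completed
        elif current and head.startswith("Traceback") and not current["frames"]:
            current["frames"] = parse_frames(rest)
            current["exception"] = rest[-1].strip() if rest else None
    return current


def installer_frame(failure):
    """Deepest frame that lives in the installer code rather than in a library."""
    own = [f for f in failure["frames"] if "/ipaserver/install/" in f["file"]]
    return own[-1] if own else None


if __name__ == "__main__":
    failure = find_failed_step(SAMPLE_LOG)
    frame = installer_frame(failure)
    print("step %(index)d/%(total)d failed: %(name)s (%(exception)s)" % failure)
    print("  at %(file)s:%(line)d in %(func)s: %(code)s" % frame)
```

A step that was interrupted without a traceback is still returned, with `exception` set to `None` and an empty frame list.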
FreeIPA CS replication issues
by dbischof@hrz.uni-kassel.de
Hi,
my IPA system consists of 2 masters (ipa1 and ipa2, both on FreeIPA 4.6.4)
with their own self-signed CAs, one of them being the certificate renewal
master (ipa1). The system has been running for years and has been migrated
from an IPA 3 system. Both IPA servers are on domain level 1.
Problem: CS replication failed, probably months ago.
--- ipa1 ---
$ ipa-csreplica-manage -v list ipa1.example.com
ipa2.example.com
last init status: None
last init ended: 1970-01-01 00:00:00+00:00
last update status: Error (-1) Problem connecting to replica - LDAP error: Can't contact LDAP server (connection error)
last update ended: 1970-01-01 00:00:00+00:00
--
$ ipa-csreplica-manage -v list ipa2.example.com
[no output]
----
Same on ipa2.
Probably related:
---
ERR - slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected)
---
Every 5 mins in /var/log/dirsrv/slapd-EXAMPLE-COM/errors. However, these
error messages could refer to ipa3.example.com, a master I deleted long (>
2 years) ago:
---
$ ipa-replica-manage list-ruv
Replica Update Vectors:
ipa2.example.com:389: 10
ipa1.example.com:389: 9
Certificate Server Replica Update Vectors:
ipa2.example.com:389: 11
ipa1.example.com:389: 91
ipa2.example.com:7389: 96
ipa3.example.com:7389: 97
---
How do I track this down and resolve the problem?
Mit freundlichen Gruessen/With best regards,
--Daniel.
5 years, 3 months
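A check over the `ipa-replica-manage list-ruv` output quoted in the post above, added here as an example (it is not part of the original post or of FreeIPA). It parses each suffix section and flags replica IDs that belong to a host outside the set of masters the operator considers live, or to a host that holds more than one ID in the same suffix. The function names, the indentation of the sample and the `masters` set are assumptions made for this example.

```python
import re
from collections import Counter

# Sample taken from the post above; the indentation is an assumption.
SAMPLE_RUV = """\
Replica Update Vectors:
    ipa2.example.com:389: 10
    ipa1.example.com:389: 9
Certificate Server Replica Update Vectors:
    ipa2.example.com:389: 11
    ipa1.example.com:389: 91
    ipa2.example.com:7389: 96
    ipa3.example.com:7389: 97
"""

HEADER = re.compile(r"^(.*Replica Update Vectors):\s*$")
ENTRY = re.compile(r"^\s*([A-Za-z0-9.-]+):(\d+):\s*(\d+)\s*$")


def parse_ruv(text):
    """Return {section name: [(host, port, replica_id), ...]} in output order."""
    sections, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            current.append((entry.group(1), int(entry.group(2)),
                            int(entry.group(3))))
    return sections


def review_ruv(sections, masters):
    """List the replica IDs an administrator should look at, with the reason."""
    findings = []
    for name, entries in sections.items():
        per_host = Counter(host for host, _, _ in entries)
        for host, port, rid in entries:
            if host not in masters:
                reason = "host is not a current master"
            elif per_host[host] > 1:
                reason = "host has more than one replica ID in this suffix"
            else:
                continue
            findings.append({"section": name, "host": host, "port": port,
                             "rid": rid, "reason": reason})
    return findings


if __name__ == "__main__":
    # Assumption: the masters the operator expects, e.g. from `ipa-replica-manage list`.
    masters = {"ipa1.example.com", "ipa2.example.com"}
    for f in review_ruv(parse_ruv(SAMPLE_RUV), masters):
        print("%(section)s: %(host)s:%(port)d id %(rid)d -> %(reason)s" % f)
```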
is anyone running Debian as freeipa-client
by Johan Vermeulen
Hello All,
first of all, we have great success running Freeipa and Freeipa-clients on
Centos.
Thanks for making this possible! I think this is a really important piece
of software for Linux.
Now it would come in handy if I could field some Debian clients for some
purposes.
But on the current stable release there is no freeipa client.
I have installed some freeipa-clients from unstable, but it's not ideal.
I'm wondering, is anyone doing this at the moment?
Is there some repo for this?
Can this be compiled from source?
Thanks for any help.
Greetings, J.
5 years, 3 months
Issues with AD user ssh
by D
Hello,
Would anyone mind helping me troubleshoot a problem?
1. Running a two-way trust between AD2016 and ipa-server 4.5.4-10.el7.
2. Unable to log into an IPA client with an AD account via ssh. The client has no trouble with “kinit $ad_user” and “getent passwd $ad_user”.
3. The AD user appears to properly exist in the correct groups for IPA/ad internal/external mapping as described in the docs.
I think the problem occurs here, with the PAC fetch:
==> /var/log/sssd/sssd_pac.log <==
(Mon Feb 11 05:24:36 2019) [sssd[pac]] [sysdb_search_object_attr] (0x0020): Search with filter [(&(|(objectCategory=user)(objectCategory=group))(objectSIDString= < MY SID HERE >))] returned more than one object.
(Mon Feb 11 05:24:36 2019) [sssd[pac]] [sysdb_search_object_attr] (0x0040): Error: 22 (Invalid argument)
(Mon Feb 11 05:24:36 2019) [sssd[pac]] [cache_req_search_cache] (0x0020): CR #5: Unable to lookup [<MY SID>@ad.domain.com] in cache [22]: Invalid argument
==> /var/log/sssd/krb5_child.log-20190210 <==
(Mon Feb 11 05:24:36 2019) [[sssd[krb5_child[26961]]]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][22].
(Mon Feb 11 05:24:36 2019) [[sssd[krb5_child[26961]]]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [<my username>@AD.DOMAIN.COM] might not be correct.
(Mon Feb 11 05:24:36 2019) [[sssd[krb5_child[26961]]]] [create_ccache] (0x0020): 973: [-1750600185][Invalid UID in persistent keyring name]
(Mon Feb 11 05:24:36 2019) [[sssd[krb5_child[26961]]]] [map_krb5_error] (0x0020): 1657: [-1750600185][Invalid UID in persistent keyring name]
==> /var/log/sssd/sssd_ipa.domain.com.log <==
(Mon Feb 11 05:24:36 2019) [sssd[be[ipa.domain.com]]] [child_sig_handler] (0x0100): child [26961] finished successfully.
(Mon Feb 11 05:24:36 2019) [sssd[be[ipa.domain.com]]] [krb5_auth_done] (0x0040): The krb5_child process returned an error. Please inspect the krb5_child.log file or the journal for more information
Addtl. Details:
# ipa service-show ldap/prod-ipa01.ipa.domain.com(a)IPA.DOMAIN.COM| grep PAC
PAC type: MS-PAC
Thanks,
D
5 years, 3 months
Upgrade 4.4 -> 4.6 failed
by Torsten Harenberg
Dear all,
we are trying to upgrade our IPA 4.4 to current 4.6.
So we did a "yum update" and then an "ipa-server-upgrade", which
miserably fails with:
ipaserver.install.server.upgrade: INFO: [Migrating certificate profiles
to LDAP]
ipalib.backend: DEBUG: Created connection context.ldap2_140564957536912
ipapython.ipaldap: DEBUG: flushing
ldapi://%2fvar%2frun%2fslapd-PLEIADES-UNI-WUPPERTAL-DE.socket from
SchemaCache
ipapython.ipaldap: DEBUG: retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-PLEIADES-UNI-WUPPERTAL-DE.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7fd7d5efe7a0>
ipalib.backend: DEBUG: Destroyed connection context.ldap2_140564957536912
ipapython.dogtag: DEBUG: request GET
https://ipa2.pleiades.uni-wuppertal.de:8443/ca/rest/account/login
ipapython.dogtag: DEBUG: request body ''
ipapython.dogtag: DEBUG: response status 401
ipapython.dogtag: DEBUG: response headers Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Thu, 01 Jan 1970 01:00:00 CET
WWW-Authenticate: Basic realm="Certificate Authority"
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 951
Date: Tue, 12 Feb 2019 10:48:51 GMT
ipapython.dogtag: DEBUG: response body '<html><head><title>Apache
Tomcat/7.0.76 - Error report</title><style><!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
{color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
</head><body><h1>HTTP Status 401 - </h1><HR size="1"
noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b>
<u></u></p><p><b>description</b> <u>This request requires HTTP
authentication.</u></p><HR size="1" noshade="noshade"><h3>Apache
Tomcat/7.0.76</h3></body></html>'
ipaserver.install.ipa_server_upgrade: ERROR: IPA server upgrade failed:
Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
ipapython.admintool: DEBUG: File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in
execute
return_value = self.run()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py",
line 54, in run
server.upgrade()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
line 2085, in upgrade
upgrade_configuration()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
line 1952, in upgrade_configuration
ca_enable_ldap_profile_subsystem(ca)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
line 396, in ca_enable_ldap_profile_subsystem
cainstance.migrate_profiles_to_ldap()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
1814, in migrate_profiles_to_ldap
_create_dogtag_profile(profile_id, profile_data, overwrite=False)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
1820, in _create_dogtag_profile
with api.Backend.ra_certprofile as profile_api:
File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dogtag.py",
line 1302, in __enter__
raise errors.RemoteRetrieveError(reason=_('Failed to authenticate to
CA REST API'))
ipapython.admintool: DEBUG: The ipa-server-upgrade command failed,
exception: RemoteRetrieveError: Failed to authenticate to CA REST API
ipapython.admintool: ERROR: Unexpected error - see
/var/log/ipaupgrade.log for details:
RemoteRetrieveError: Failed to authenticate to CA REST API
ipapython.admintool: ERROR: The ipa-server-upgrade command failed. See
/var/log/ipaupgrade.log for more information
Unfortunately, we couldn't find anything useful in the pki-tomcat log.
Of course you see the 404:
[root@ipa2 pki-tomcat]# tail catalina.2019-02-12.log
Feb 12, 2019 11:48:16 AM com.netscape.cms.tomcat.PKIListener lifecycleEvent
INFO: PKIListener: org.apache.catalina.core.StandardServer [after_start]
Feb 12, 2019 11:48:16 AM com.netscape.cms.tomcat.PKIListener
verifySubsystems
INFO: PKIListener: Subsystem CA is running.
Feb 12, 2019 11:48:16 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 10810 ms
Feb 12, 2019 11:48:51 AM
com.netscape.cms.tomcat.AbstractPKIAuthenticator doAuthenticate
INFO: PKIAuthenticator: Authenticate with client certificate authentication
Feb 12, 2019 11:48:51 AM
com.netscape.cms.tomcat.AbstractPKIAuthenticator doAuthenticate
INFO: PKIAuthenticator: Result: false
[root@ipa2 pki-tomcat]# tail localhost_access_log.2019-02-12.txt
IP - - [12/Feb/2019:11:37:14 +0100] "GET /ca/rest/account/login
HTTP/1.1" 401 951
IP - - [12/Feb/2019:11:39:48 +0100] "POST /ca/admin/ca/getStatus
HTTP/1.1" 200 167
IP - - [12/Feb/2019:11:39:48 +0100] "POST /ca/admin/ca/getStatus
HTTP/1.1" 200 167
IP - - [12/Feb/2019:11:40:20 +0100] "GET /ca/rest/account/login
HTTP/1.1" 401 951
IP - - [12/Feb/2019:11:45:21 +0100] "POST /ca/admin/ca/getStatus
HTTP/1.1" 200 167
IP - - [12/Feb/2019:11:46:04 +0100] "POST /ca/admin/ca/getStatus
HTTP/1.1" 200 167
IP - - [12/Feb/2019:11:47:58 +0100] "POST /ca/admin/ca/getStatus
HTTP/1.1" 200 167
IP - - [12/Feb/2019:11:48:16 +0100] "POST /ca/admin/ca/getStatus
HTTP/1.1" 200 167
IP - - [12/Feb/2019:11:48:17 +0100] "POST /ca/admin/ca/getStatus
HTTP/1.1" 200 167
IP - - [12/Feb/2019:11:48:51 +0100] "GET /ca/rest/account/login
HTTP/1.1" 401 951
Any ideas would be (again) much appreciated!
Thanks a lot
Torsten
--
Dr. Torsten Harenberg harenberg(a)physik.uni-wuppertal.de
Bergische Universitaet
Fakultät 4 - Physik Tel.: +49 (0)202 439-3521
Gaussstr. 20 Fax : +49 (0)202 439-2811
42097 Wuppertal
5 years, 3 months
Freeipa and squid
by Николай Савельев
Hello.
There is a perfect article about squid and freeipa - https://www.freeipa.org/page/Squid_Integration_with_FreeIPA_using_Single_...
But I want access to the Internet with different rules: some groups with full access, some without social networks, and a group without access.
I use the helper ext_kerberos_ldap_group_acl and all works fine.
But with AD users it doesn't work.
IPA domain - FS.LAN
AD domain - START-LINE.LOCAL
kerberos_ldap_group: ERROR: Error while getting tgt : Server krbtgt/START-LINE.LOCAL(a)FS.LAN
I tried to do debug:
kerberos_ldap_group: DEBUG: Get principal name from keytab /etc/krb5.keytab
kerberos_ldap_group: DEBUG: Keytab entry has realm name: FS.LAN
kerberos_ldap_group: DEBUG: Did not find a principal in keytab for domain START-LINE.LOCAL.
kerberos_ldap_group: DEBUG: Try to get principal of trusted domain.
kerberos_ldap_group: DEBUG: Keytab entry has principal: host/mail.fs.lan(a)FS.LAN
kerberos_ldap_group: ERROR: Error while getting TGT : Server krbtgt/START-LINE.LOCAL(a)FS.LAN not found in Kerberos database
Maybe I could do something through manipulation of sssd.conf or krb5.conf?
--
С уважением, Николай.
5 years, 3 months
CA no certs being tracked?
by Chris Mohler
Hi Everyone,
I'm looking for some help. I'm having trouble with everything basically.
I think one of my CA's certs expired or something. I can't kinit admin,
I can't login via the WebGui. If I "getcert list" it returns "Number of
certificates and requests being tracked: 0."
This all started happening a few days ago and I am at a loss as to what
happened. On a whim I set the system date and time back a few months to
see if my certs were expired and like magic I can log in to the Webgui,
but I'm still not tracking anything with "getcert list". I suspect the
cert has expired, but without tracking it I can't tell, or renew it.
Please help
I'm running Centos 7, FreeIPA 4.5.4
Thanks,
-Chris
5 years, 3 months
Looking Again
by Mitchell Smith
Hi Melissa,
I just wanted to drop you an email to let you know I am actively looking again.
I have been with my current employer for approaching four months now,
and unfortunately I am not really enjoying it.
As you will have noticed from my resume, I tend to stick with
employers for several years, and I can’t envision that happening with
my current role.
If you have any opportunities available in Sydney at the moment that
you think would be a good match, then I would be very interested to
discuss them with you.
I have attached another copy of my resume to this email for your convenience.
Thanks for your time.
Mitch
5 years, 3 months