hi
here I have something very easily reproducible I think.
I have two masters IPA, fist one stood alone for a while and
then I added the second server.
Then I ipa-restored the first master to a data backup from a
day or two before second master was added and now:
...
Starting pki-tomcatd Service
Failed to start pki-tomcatd Service
in /var/log/pki/pki-tomcat/ca/debug:
...
[04/Apr/2018:11:56:27][localhost-startStop-1]:
SSLClientCertificateSelectionCB: Setting desired cert
nickname to: subsystemCert cert-pki-ca
[04/Apr/2018:11:56:27][localhost-startStop-1]:
LdapJssSSLSocket: set client auth cert nickname
subsystemCert cert-pki-ca
[04/Apr/2018:11:56:27][localhost-startStop-1]:
SSLClientCertificatSelectionCB: Entering!
[04/Apr/2018:11:56:27][localhost-startStop-1]: Candidate
cert: subsystemCert cert-pki-ca
[04/Apr/2018:11:56:27][localhost-startStop-1]:
SSLClientCertificateSelectionCB: desired cert found in list:
subsystemCert cert-pki-ca
[04/Apr/2018:11:56:27][localhost-startStop-1]:
SSLClientCertificateSelectionCB: returning: subsystemCert
cert-pki-ca
[04/Apr/2018:11:56:27][localhost-startStop-1]: SSL handshake
happened
Could not connect to LDAP server host swir.private port 636
Error netscape.ldap.LDAPException: Authentication failed (49)
at
com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:205)
at
com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:166)
at
com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:130)
at
com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:654)
at
com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1176)
at
com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1082)
at
com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:572)
at com.netscape.certsrv.apps.CMS.init(CMS.java:189)
at com.netscape.certsrv.apps.CMS.start(CMS.java:1631)
at
com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:117)
at
javax.servlet.GenericServlet.init(GenericServlet.java:158)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
at java.security.AccessController.doPrivileged(Native
Method)
...
Is this normal/expected?
Many thanks, L.