Andrea Stacchiotti via FreeIPA-users wrote:
Thank you for your answer.
There is no record in the /var/log/dirsrv/slapd-REALM/access logfile at the time of `ipactl start`, which means it didn't even get to the query.
To get kinit and ldapsearch to work I had to reinstall IPA; when I do, I get a valid Kerberos token and a good result (see at the bottom).
Then I try `ipactl restart` and I get the same bug again; now the services are down and I can't bring them up unless I reinstall. My team is trying different installation methods and OSes; maybe we can figure it out.
Any help is appreciated.
[root@ipa-innovation slapd-PRIVATE-ACUS-EU]# klist
Ticket cache: KCM:0
Default principal: admin@PRIVATE.ACUS.EU

Valid starting       Expires              Service principal
05/09/2024 15:39:44  05/10/2024 15:04:45  krbtgt/PRIVATE.ACUS.EU@PRIVATE.ACUS.EU

[root@ipa-innovation slapd-PRIVATE-ACUS-EU]# ldapsearch -o ldif-wrap=no -LLL -Q -Y GSSAPI -b cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu "(&(objectClass=ipaConfigObject)(|(ipaConfigString=enabledService)(ipaConfigString=hiddenService)))" cn ipaConfigString
dn: cn=KDC,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
cn: KDC
ipaConfigString: startOrder 10
ipaConfigString: pacTktSignSupported
ipaConfigString: kdcProxyEnabled
ipaConfigString: enabledService

dn: cn=KPASSWD,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
cn: KPASSWD
ipaConfigString: startOrder 20
ipaConfigString: enabledService

dn: cn=KEYS,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
cn: KEYS
ipaConfigString: startOrder 41
ipaConfigString: enabledService

dn: cn=OTPD,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
cn: OTPD
ipaConfigString: startOrder 80
ipaConfigString: enabledService

dn: cn=HTTP,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
cn: HTTP
ipaConfigString: startOrder 40
ipaConfigString: enabledService

The only split()s in ipactl, which is likely the source of the error, are separating the hostname from the port in the ldap_url when it is not an ldapi url and separating startOrder from its precedence. Those values look correct.
rob
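
An added example, not part of the original thread and not ipactl's own code: one way to check that every service entry returned by the ldapsearch above carries a startOrder value that splits cleanly into a keyword and an integer. The function names and the sample LDIF (with one deliberately broken entry) are constructed for illustration.

```python
# Added example: validate the "startOrder N" values that get split, as the
# reply describes. Names and sample data are constructed, not from ipactl.
SAMPLE_LDIF = """\
dn: cn=KDC,cn=ipa.example.test,cn=masters,cn=ipa,cn=etc,dc=example,dc=test
cn: KDC
ipaConfigString: startOrder 10
ipaConfigString: enabledService

dn: cn=HTTP,cn=ipa.example.test,cn=masters,cn=ipa,cn=etc,dc=example,dc=test
cn: HTTP
ipaConfigString: startOrder
ipaConfigString: enabledService
"""

def parse_entries(ldif):
    """Parse unwrapped LDIF (ldif-wrap=no) into {cn: [ipaConfigString values]}."""
    entries = {}
    for block in ldif.strip().split("\n\n"):
        cn, values = None, []
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if not sep:
                continue  # not an "attr: value" line
            if attr == "cn":
                cn = value
            elif attr == "ipaConfigString":
                values.append(value)
        if cn is not None:
            entries[cn] = values
    return entries

def check_start_orders(entries):
    """Return {cn: problem} for entries whose startOrder would not split cleanly."""
    problems = {}
    for cn, values in entries.items():
        orders = [v for v in values if v.split()[:1] == ["startOrder"]]
        if len(orders) != 1:
            problems[cn] = f"expected one startOrder value, found {len(orders)}"
            continue
        parts = orders[0].split()
        # A clean value is exactly two tokens: the keyword and an integer.
        if len(parts) != 2 or not parts[1].isdigit():
            problems[cn] = f"malformed value {orders[0]!r}"
    return problems

if __name__ == "__main__":
    for cn, problem in check_start_orders(parse_entries(SAMPLE_LDIF)).items():
        print(f"{cn}: {problem}")
```

Feeding it the output of the same ldapsearch command (saved to a file and read in place of SAMPLE_LDIF) gives an empty result when all values are well formed.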