Andrea Stacchiotti via FreeIPA-users wrote:
Thank you for your answer.
There is no record in the /var/log/dirsrv/slapd-REALM/access log file at the time of
`ipactl start`, which means it didn't even get to the query.
To get kinit and ldapsearch to work I had to reinstall IPA. When I do, I get a valid
Kerberos token and a good result; see at the bottom.
Then I try `ipactl restart` and I get the same bug again. Now the services are down and I
can't bring them up unless I reinstall.
My team is trying different installation methods and OSes, maybe we can figure it out.
Any help is appreciated.
[root@ipa-innovation slapd-PRIVATE-ACUS-EU]# klist
Ticket cache: KCM:0
Default principal: admin@PRIVATE.ACUS.EU

Valid starting       Expires              Service principal
05/09/2024 15:39:44  05/10/2024 15:04:45  krbtgt/PRIVATE.ACUS.EU@PRIVATE.ACUS.EU
[root@ipa-innovation slapd-PRIVATE-ACUS-EU]# ldapsearch -o ldif-wrap=no -LLL -Q -Y GSSAPI -b cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu "(&(objectClass=ipaConfigObject)(|(ipaConfigString=enabledService)(ipaConfigString=hiddenService)))" cn ipaConfigString
dn: cn=KDC,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
cn: KDC
ipaConfigString: startOrder 10
ipaConfigString: pacTktSignSupported
ipaConfigString: kdcProxyEnabled
ipaConfigString: enabledService

dn: cn=KPASSWD,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
cn: KPASSWD
ipaConfigString: startOrder 20
ipaConfigString: enabledService

dn: cn=KEYS,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
cn: KEYS
ipaConfigString: startOrder 41
ipaConfigString: enabledService

dn: cn=OTPD,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
cn: OTPD
ipaConfigString: startOrder 80
ipaConfigString: enabledService

dn: cn=HTTP,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu
cn: HTTP
ipaConfigString: startOrder 40
ipaConfigString: enabledService

The only split()s in ipactl, which is likely the source of the error,
are separating the hostname from the port in the ldap_url when it is not
an ldapi url and separating startOrder from its precedence. Those values
look correct.
rob
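
A way to check the two kinds of values named in the reply above (the `startOrder` strings and the host/port part of an LDAP URL) before they reach any split-based reader. This is an added example, not ipactl's code and not part of the thread; the function names, the `example.test` hostnames and the sample LDIF are constructed, and the LDIF is assumed to be unwrapped with each attribute on one line.

```python
# Added example, not ipactl's code. All names are hypothetical. SAMPLE_LDIF is
# constructed; cn=BROKEN is deliberately malformed to show the failure case.
SAMPLE_LDIF = """\
dn: cn=KDC,cn=ipa.example.test,cn=masters,cn=ipa,cn=etc,dc=example,dc=test
cn: KDC
ipaConfigString: startOrder 10
ipaConfigString: enabledService

dn: cn=HTTP,cn=ipa.example.test,cn=masters,cn=ipa,cn=etc,dc=example,dc=test
cn: HTTP
ipaConfigString: startOrder 40
ipaConfigString: enabledService

dn: cn=BROKEN,cn=ipa.example.test,cn=masters,cn=ipa,cn=etc,dc=example,dc=test
cn: BROKEN
ipaConfigString: startOrder
ipaConfigString: enabledService
"""


def check_start_orders(ldif_text):
    """Return ({service: order}, [problems]) from unwrapped LDIF text."""
    orders, problems = {}, []
    for block in ldif_text.strip().split("\n\n"):
        attrs = [l.split(": ", 1) for l in block.splitlines() if ": " in l]
        cn = next((v for k, v in attrs if k == "cn"), "<no cn>")
        parts = [v.split() for k, v in attrs
                 if k == "ipaConfigString" and v.startswith("startOrder")]
        if len(parts) != 1:
            problems.append(f"{cn}: expected one startOrder value, found {len(parts)}")
        elif len(parts[0]) != 2 or not parts[0][1].isdigit():
            problems.append(f"{cn}: malformed startOrder value {parts[0]!r}")
        else:
            orders[cn] = int(parts[0][1])
    return orders, problems


def split_ldap_url(url):
    """Return (host, port) for ldap:// and ldaps://, None for ldapi://."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps", "ldapi"):
        raise ValueError(f"not an LDAP URL: {url!r}")
    if scheme == "ldapi":
        return None  # UNIX socket path, no host/port to split
    host, _, port = rest.rstrip("/").partition(":")
    port = port or ("636" if scheme == "ldaps" else "389")
    if not host or not port.isdigit():
        raise ValueError(f"cannot split host and port in {url!r}")
    return host, int(port)
```

Calling `check_start_orders(SAMPLE_LDIF)` returns the parsed order for KDC and HTTP and one problem line for the BROKEN entry; IPv6 literal hosts are outside what this check handles.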