Login
Log in using an SSO provider:
Fedora Account System
Red Hat Associate
Red Hat Customer
Login using a Red Hat Bugzilla account
Forgot Password
Create an Account
Red Hat Bugzilla – Attachment 1366463 Details for
Bug 1524833
pkispawn is unable to generate a CSR
Home
New
Search
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh92 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
[?]
This site requires JavaScript to be enabled to function correctly, please enable it.
freeIPA server install log
ipaserver-install.log (text/plain), 144.31 KB, created by
Standa Laznicka
on 2017-12-12 08:42:32 UTC
(
hide
)
Description:
freeIPA server install log
Filename:
MIME Type:
Creator:
Standa Laznicka
Created:
2017-12-12 08:42:32 UTC
Size:
144.31 KB
patch
obsolete
>2017-12-12T07:42:18Z DEBUG Logging to /var/log/ipaserver-install.log >2017-12-12T07:42:18Z INFO Checking DNS domain IPA.TEST, please wait ... >2017-12-12T07:42:18Z DEBUG ipa-server-install was invoked with arguments [] and options: {'unattended': True, 'ip_addresses': None, 'domain_name': 'IPA.TEST', 'realm_name': 'IPA.TEST', 'host_name': 'master.ipa.test', 'ca_cert_files': None, 'domain_level': None, 'setup_adtrust': False, 'setup_kra': False, 'setup_dns': True, 'idstart': None, 'idmax': None, 'no_hbac_allow': False, 'no_pkinit': False, 'no_ui_redirect': False, 'dirsrv_config_file': None, 'dirsrv_cert_files': None, 'http_cert_files': None, 'pkinit_cert_files': None, 'dirsrv_cert_name': None, 'http_cert_name': None, 'pkinit_cert_name': None, 'mkhomedir': False, 'no_ntp': False, 'ssh_trust_dns': False, 'no_ssh': False, 'no_sshd': False, 'no_dns_sshfp': False, 'external_ca': True, 'external_ca_type': None, 'external_cert_files': None, 'subject_base': None, 'ca_subject': None, 'ca_signing_algorithm': None, 'allow_zone_overlap': False, 'reverse_zones': None, 'no_reverse': True, 'auto_reverse': False, 'zonemgr': None, 'forwarders': None, 'no_forwarders': False, 'auto_forwarders': True, 'forward_policy': None, 'no_dnssec_validation': False, 'no_host_dns': False, 'enable_compat': False, 'netbios_name': None, 'no_msdcs': False, 'rid_base': None, 'secondary_rid_base': None, 'ignore_topology_disconnect': False, 'ignore_last_of_role': False, 'verbose': False, 'quiet': False, 'log_file': None, 'uninstall': False} >2017-12-12T07:42:18Z DEBUG IPA version 4.6.1-3.fc27 >2017-12-12T07:42:18Z DEBUG Searching for an interface of IP address: ::1 >2017-12-12T07:42:18Z DEBUG Testing local IP address: ::1/128 (interface: lo) >2017-12-12T07:42:18Z DEBUG Starting external process >2017-12-12T07:42:18Z DEBUG args=/usr/sbin/selinuxenabled >2017-12-12T07:42:18Z DEBUG Process finished, return code=1 >2017-12-12T07:42:18Z DEBUG stdout= >2017-12-12T07:42:18Z DEBUG stderr= >2017-12-12T07:42:18Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' >2017-12-12T07:42:18Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2017-12-12T07:42:18Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:18Z DEBUG Starting external process >2017-12-12T07:42:18Z DEBUG args=/bin/systemctl is-enabled chronyd.service >2017-12-12T07:42:18Z DEBUG Process finished, return code=1 >2017-12-12T07:42:18Z DEBUG stdout= >2017-12-12T07:42:18Z DEBUG stderr=Failed to get unit file state for chronyd.service: No such file or directory > >2017-12-12T07:42:18Z DEBUG Starting external process >2017-12-12T07:42:18Z DEBUG args=/bin/systemctl is-active chronyd.service >2017-12-12T07:42:18Z DEBUG Process finished, return code=3 >2017-12-12T07:42:18Z DEBUG stdout=inactive > >2017-12-12T07:42:18Z DEBUG stderr= >2017-12-12T07:42:18Z DEBUG Starting external process >2017-12-12T07:42:18Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS >2017-12-12T07:42:18Z DEBUG Process finished, return code=0 >2017-12-12T07:42:18Z DEBUG stdout=VirtualHost configuration: >*:8443 master.ipa.test (/etc/httpd/conf.d/nss.conf:83) > >2017-12-12T07:42:18Z DEBUG stderr= >2017-12-12T07:42:18Z DEBUG Check if master.ipa.test is a primary hostname for localhost >2017-12-12T07:42:18Z DEBUG Primary hostname for localhost: master.ipa.test >2017-12-12T07:42:18Z DEBUG will use host_name: master.ipa.test > >2017-12-12T07:42:18Z DEBUG importing all plugin modules in ipaserver.plugins... >2017-12-12T07:42:18Z DEBUG importing plugin module ipaserver.plugins.aci >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.automember >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.automount >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.baseldap >2017-12-12T07:42:19Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.baseuser >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.batch >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.ca >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.caacl >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.cert >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.certmap >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.certprofile >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.config >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.delegation >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.dns >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.dogtag >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.group >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.hbac >2017-12-12T07:42:19Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.hbactest >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.host >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.idrange >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.idviews >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.internal >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.join >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.location >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.migration >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.misc >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.netgroup >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.otp >2017-12-12T07:42:19Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.otptoken >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.passwd >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.permission >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.ping >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.pkinit >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.privilege >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.rabase >2017-12-12T07:42:19Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.role >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.schema >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.selfservice >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.server >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.serverrole >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.serverroles >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.service >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.session >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.stageuser >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.sudo >2017-12-12T07:42:19Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.sudorule >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.topology >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.trust >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.user >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.vault >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.virtual >2017-12-12T07:42:19Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.whoami >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2017-12-12T07:42:19Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.dns >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2017-12-12T07:42:19Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2017-12-12T07:42:20Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2017-12-12T07:42:20Z INFO Checking DNS domain ipa.test., please wait ... >2017-12-12T07:42:20Z DEBUG Name master.ipa.test resolved to {UnsafeIPAddress('172.17.0.2')} >2017-12-12T07:42:20Z DEBUG Searching for an interface of IP address: 172.17.0.2 >2017-12-12T07:42:20Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo) >2017-12-12T07:42:20Z DEBUG Testing local IP address: 172.17.0.2/255.255.0.0 (interface: eth0) >2017-12-12T07:42:20Z DEBUG IP address 172.17.0.2 belongs to a private range, using forward policy only >2017-12-12T07:42:20Z DEBUG Checking DNS server: 10.37.170.1 >2017-12-12T07:42:20Z DEBUG will use DNS forwarders: ['10.37.170.1'] > >2017-12-12T07:42:20Z DEBUG Backing up system configuration file '/etc/hostname' >2017-12-12T07:42:20Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2017-12-12T07:42:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:20Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:20Z DEBUG Starting external process >2017-12-12T07:42:20Z DEBUG args=/bin/hostnamectl set-hostname master.ipa.test >2017-12-12T07:42:20Z DEBUG Process finished, return code=0 >2017-12-12T07:42:20Z DEBUG stdout= >2017-12-12T07:42:20Z DEBUG stderr=Skipping invocation of /bin/hostnamectl set-hostname master.ipa.test in unprivileged container. > >2017-12-12T07:42:20Z DEBUG Backing up system configuration file '/etc/hosts' >2017-12-12T07:42:20Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2017-12-12T07:42:20Z DEBUG Starting external process >2017-12-12T07:42:20Z DEBUG args=/bin/systemctl is-enabled chronyd.service >2017-12-12T07:42:20Z DEBUG Process finished, return code=1 >2017-12-12T07:42:20Z DEBUG stdout= >2017-12-12T07:42:20Z DEBUG stderr=Failed to get unit file state for chronyd.service: No such file or directory > >2017-12-12T07:42:20Z DEBUG Starting external process >2017-12-12T07:42:20Z DEBUG args=/bin/systemctl is-active chronyd.service >2017-12-12T07:42:20Z DEBUG Process finished, return code=3 >2017-12-12T07:42:20Z DEBUG stdout=inactive > >2017-12-12T07:42:20Z DEBUG stderr= >2017-12-12T07:42:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:20Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2017-12-12T07:42:20Z DEBUG Configuring NTP daemon (ntpd) >2017-12-12T07:42:20Z DEBUG [1/4]: stopping ntpd >2017-12-12T07:42:20Z DEBUG Starting external process >2017-12-12T07:42:20Z DEBUG args=/bin/systemctl is-active ntpd.service >2017-12-12T07:42:20Z DEBUG Process finished, return code=3 >2017-12-12T07:42:20Z DEBUG stdout=inactive > >2017-12-12T07:42:20Z DEBUG stderr= >2017-12-12T07:42:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:20Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:20Z DEBUG Starting external process >2017-12-12T07:42:20Z DEBUG args=/bin/systemctl stop ntpd.service >2017-12-12T07:42:20Z DEBUG Process finished, return code=0 >2017-12-12T07:42:20Z DEBUG stdout= >2017-12-12T07:42:20Z DEBUG stderr= >2017-12-12T07:42:20Z DEBUG duration: 0 seconds >2017-12-12T07:42:20Z DEBUG [2/4]: writing configuration >2017-12-12T07:42:20Z DEBUG Backing up system configuration file '/etc/ntp.conf' >2017-12-12T07:42:20Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2017-12-12T07:42:20Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd' >2017-12-12T07:42:20Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2017-12-12T07:42:20Z DEBUG duration: 0 seconds >2017-12-12T07:42:20Z DEBUG [3/4]: configuring ntpd to start on boot >2017-12-12T07:42:20Z DEBUG Starting external process >2017-12-12T07:42:20Z DEBUG args=/bin/systemctl is-enabled ntpd.service >2017-12-12T07:42:20Z DEBUG Process finished, return code=1 >2017-12-12T07:42:20Z DEBUG stdout=disabled > >2017-12-12T07:42:20Z DEBUG stderr= >2017-12-12T07:42:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:20Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:20Z DEBUG Starting external process >2017-12-12T07:42:20Z DEBUG args=/bin/systemctl enable ntpd.service >2017-12-12T07:42:20Z DEBUG Process finished, return code=0 >2017-12-12T07:42:20Z DEBUG stdout= >2017-12-12T07:42:20Z DEBUG stderr=Created symlink /etc/systemd/system/multi-user.target.wants/ntpd.service â /usr/lib/systemd/system/ntpd.service. > >2017-12-12T07:42:20Z DEBUG duration: 0 seconds >2017-12-12T07:42:20Z DEBUG [4/4]: starting ntpd >2017-12-12T07:42:20Z DEBUG Starting external process >2017-12-12T07:42:20Z DEBUG args=/bin/systemctl start ntpd.service >2017-12-12T07:42:20Z DEBUG Process finished, return code=0 >2017-12-12T07:42:20Z DEBUG stdout= >2017-12-12T07:42:20Z DEBUG stderr=Failed to open /dev/tty: No such device or address > >2017-12-12T07:42:20Z DEBUG Starting external process >2017-12-12T07:42:20Z DEBUG args=/bin/systemctl is-active ntpd.service >2017-12-12T07:42:20Z DEBUG Process finished, return code=0 >2017-12-12T07:42:20Z DEBUG stdout=active > >2017-12-12T07:42:20Z DEBUG stderr= >2017-12-12T07:42:20Z DEBUG duration: 0 seconds >2017-12-12T07:42:20Z DEBUG Done configuring NTP daemon (ntpd). >2017-12-12T07:42:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:20Z DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds >2017-12-12T07:42:20Z DEBUG [1/45]: creating directory server instance >2017-12-12T07:42:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:20Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:20Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' >2017-12-12T07:42:20Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2017-12-12T07:42:20Z DEBUG >dn: dc=ipa,dc=test >objectClass: top >objectClass: domain >objectClass: pilotObject >dc: ipa >info: IPA V2.0 > >2017-12-12T07:42:20Z DEBUG writing inf template >2017-12-12T07:42:20Z DEBUG >[General] >FullMachineName= master.ipa.test >SuiteSpotUserID= dirsrv >SuiteSpotGroup= dirsrv >ServerRoot= /usr/lib64/dirsrv >[slapd] >ServerPort= 389 >ServerIdentifier= IPA-TEST >Suffix= dc=ipa,dc=test >RootDN= cn=Directory Manager >InstallLdifFile= /var/lib/dirsrv/boot.ldif >inst_dir= /var/lib/dirsrv/scripts-IPA-TEST > >2017-12-12T07:42:20Z DEBUG calling setup-ds.pl >2017-12-12T07:42:20Z DEBUG Starting external process >2017-12-12T07:42:20Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmp_p9i7wr0 >2017-12-12T07:42:26Z DEBUG Process finished, return code=0 >2017-12-12T07:42:26Z DEBUG stdout=[17/12/12:07:42:26] - [Setup] Info Your new DS instance 'IPA-TEST' was successfully created. >Your new DS instance 'IPA-TEST' was successfully created. >[17/12/12:07:42:26] - [Setup] Success Exiting . . . >Log file is '-' > >Exiting . . . >Log file is '-' > > >2017-12-12T07:42:26Z DEBUG stderr= >2017-12-12T07:42:26Z DEBUG completed creating DS instance >2017-12-12T07:42:26Z DEBUG duration: 5 seconds >2017-12-12T07:42:26Z DEBUG [2/45]: enabling ldapi >2017-12-12T07:42:26Z DEBUG Starting external process >2017-12-12T07:42:26Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpm71s25nn -H ldap://localhost -x -D cn=Directory Manager -y /tmp/tmp72un07hf >2017-12-12T07:42:26Z DEBUG Process finished, return code=0 >2017-12-12T07:42:26Z DEBUG stdout=replace nsslapd-ldapilisten: > on >modifying entry "cn=config" >modify complete > > >2017-12-12T07:42:26Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base ) > >2017-12-12T07:42:26Z DEBUG duration: 0 seconds >2017-12-12T07:42:26Z DEBUG [3/45]: configure autobind for root >2017-12-12T07:42:26Z DEBUG Starting external process >2017-12-12T07:42:26Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/root-autobind.ldif -H ldap://localhost -x -D cn=Directory Manager -y /tmp/tmpw14h2jtm >2017-12-12T07:42:26Z DEBUG Process finished, return code=0 >2017-12-12T07:42:26Z DEBUG stdout=add objectClass: > extensibleObject > top >add cn: > root-autobind >add uidNumber: > 0 >add gidNumber: > 0 >adding new entry "cn=root-autobind,cn=config" >modify complete > >replace nsslapd-ldapiautobind: > on >modifying entry "cn=config" >modify complete > >replace nsslapd-ldapimaptoentries: > on >modifying entry "cn=config" >modify complete > > >2017-12-12T07:42:26Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base ) > >2017-12-12T07:42:26Z DEBUG duration: 0 seconds >2017-12-12T07:42:26Z DEBUG [4/45]: stopping directory server >2017-12-12T07:42:26Z DEBUG Starting external process >2017-12-12T07:42:26Z DEBUG args=/bin/systemctl stop dirsrv@IPA-TEST.service >2017-12-12T07:42:28Z DEBUG Process finished, return code=0 >2017-12-12T07:42:28Z DEBUG stdout= >2017-12-12T07:42:28Z DEBUG stderr=Failed to open /dev/tty: No such device or address > >2017-12-12T07:42:28Z DEBUG duration: 2 seconds >2017-12-12T07:42:28Z DEBUG [5/45]: updating configuration in dse.ldif >2017-12-12T07:42:28Z DEBUG Starting external process >2017-12-12T07:42:28Z DEBUG args=/usr/sbin/selinuxenabled >2017-12-12T07:42:28Z DEBUG Process finished, return code=1 >2017-12-12T07:42:28Z DEBUG stdout= >2017-12-12T07:42:28Z DEBUG stderr= >2017-12-12T07:42:28Z DEBUG duration: 0 seconds >2017-12-12T07:42:28Z DEBUG [6/45]: starting directory server >2017-12-12T07:42:28Z DEBUG Starting external process >2017-12-12T07:42:28Z DEBUG args=/bin/systemctl start dirsrv@IPA-TEST.service >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout= >2017-12-12T07:42:33Z DEBUG stderr=Failed to open /dev/tty: No such device or address > >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/bin/systemctl is-active dirsrv@IPA-TEST.service >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=active > >2017-12-12T07:42:33Z DEBUG stderr= >2017-12-12T07:42:33Z DEBUG wait_for_open_ports: localhost [389] timeout 300 >2017-12-12T07:42:33Z DEBUG waiting for port: 389 >2017-12-12T07:42:33Z DEBUG SUCCESS: port: 389 >2017-12-12T07:42:33Z DEBUG Created connection context.ldap2_140134590517880 >2017-12-12T07:42:33Z DEBUG duration: 4 seconds >2017-12-12T07:42:33Z DEBUG [7/45]: adding default schema >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [8/45]: enabling memberof plugin >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/memberof-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=replace nsslapd-pluginenabled: > on >add memberofgroupattr: > memberUser >add memberofgroupattr: > memberHost >modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [9/45]: enabling winsync plugin >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-winsync-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa-winsync >add nsslapd-pluginpath: > libipa_winsync >add nsslapd-plugininitfunc: > ipa_winsync_plugin_init >add nsslapd-pluginDescription: > Allows IPA to work with the DS windows sync feature >add nsslapd-pluginid: > ipa-winsync >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-plugin-depends-on-type: > database >add ipaWinSyncRealmFilter: > (objectclass=krbRealmContainer) >add ipaWinSyncRealmAttr: > cn >add ipaWinSyncNewEntryFilter: > (cn=ipaConfig) >add ipaWinSyncNewUserOCAttr: > ipauserobjectclasses >add ipaWinSyncUserFlatten: > true >add ipaWinsyncHomeDirAttr: > ipaHomesRootDir >add ipaWinsyncLoginShellAttr: > ipaDefaultLoginShell >add ipaWinSyncDefaultGroupAttr: > ipaDefaultPrimaryGroup >add ipaWinSyncDefaultGroupFilter: > (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) >add ipaWinSyncAcctDisable: > both >add ipaWinSyncForceSync: > true >add ipaWinSyncUserAttr: > uidNumber -1 > gidNumber -1 >adding new entry "cn=ipa-winsync,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [10/45]: configuring replication version plugin >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/version-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Version Replication >add nsslapd-pluginpath: > libipa_repl_version >add nsslapd-plugininitfunc: > repl_version_plugin_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > off >add nsslapd-pluginid: > ipa_repl_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Replication version plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-plugin-depends-on-named: > Multimaster Replication Plugin >adding new entry "cn=IPA Version Replication,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [11/45]: enabling IPA enrollment plugin >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpihim0dgr -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_enrollment_extop >add nsslapd-pluginpath: > libipa_enrollment_extop >add nsslapd-plugininitfunc: > ipaenrollment_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_enrollment_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Enroll hosts into the IPA domain >add nsslapd-plugin-depends-on-type: > database >add nsslapd-realmTree: > dc=ipa,dc=test >adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [12/45]: configuring uniqueness plugin >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmptmve3c3b -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > krbPrincipalName uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > krbPrincipalName >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=ipa,dc=test >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=test >add uniqueness-across-all-subtrees: > on >adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > krbCanonicalName uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > krbCanonicalName >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=ipa,dc=test >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=test >add uniqueness-across-all-subtrees: > on >adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > netgroup uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > cn >add uniqueness-subtrees: > cn=ng,cn=alt,dc=ipa,dc=test >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipaUniqueID uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > ipaUniqueID >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=ipa,dc=test >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=test >add uniqueness-across-all-subtrees: > on >adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > sudorule name uniqueness >add nsslapd-pluginDescription: > Enforce unique attribute values >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > cn >add uniqueness-subtrees: > cn=sudorules,cn=sudo,dc=ipa,dc=test >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [13/45]: configuring uuid plugin >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/uuid-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA UUID >add nsslapd-pluginpath: > libipa_uuid >add nsslapd-plugininitfunc: > ipauuid_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipauuid_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA UUID plugin >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA UUID,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpkjbhmhaz -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > IPA Unique IDs >add ipaUuidAttr: > ipaUniqueID >add ipaUuidMagicRegen: > autogenerate >add ipaUuidFilter: > (|(objectclass=ipaObject)(objectclass=ipaAssociation)) >add ipaUuidScope: > dc=ipa,dc=test >add ipaUuidEnforce: > TRUE >adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" >modify complete > >add objectclass: > top > extensibleObject >add cn: > IPK11 Unique IDs >add ipaUuidAttr: > ipk11UniqueID >add ipaUuidMagicRegen: > autogenerate >add ipaUuidFilter: > (objectclass=ipk11Object) >add ipaUuidScope: > dc=ipa,dc=test >add ipaUuidEnforce: > FALSE >adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [14/45]: configuring modrdn plugin >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/modrdn-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA MODRDN >add nsslapd-pluginpath: > libipa_modrdn >add nsslapd-plugininitfunc: > ipamodrdn_init >add nsslapd-plugintype: > betxnpostoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipamodrdn_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA MODRDN plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginPrecedence: > 60 >adding new entry "cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp19vviaa7 -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > Kerberos Principal Name >add ipaModRDNsourceAttr: > uid >add ipaModRDNtargetAttr: > krbPrincipalName >add ipaModRDNsuffix: > @IPA.TEST >add ipaModRDNfilter: > (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) >add ipaModRDNscope: > dc=ipa,dc=test >adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > >add objectclass: > top > extensibleObject >add cn: > Kerberos Canonical Name >add ipaModRDNsourceAttr: > uid >add ipaModRDNtargetAttr: > krbCanonicalName >add ipaModRDNsuffix: > @IPA.TEST >add ipaModRDNfilter: > (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) >add ipaModRDNscope: > dc=ipa,dc=test >adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [15/45]: configuring DNS plugin >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-dns-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=add objectclass: > top > nsslapdPlugin > extensibleObject >add cn: > IPA DNS >add nsslapd-plugindescription: > IPA DNS support plugin >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_dns >add nsslapd-plugininitfunc: > ipadns_init >add nsslapd-pluginpath: > libipa_dns.so >add nsslapd-plugintype: > preoperation >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-pluginversion: > 1.0 >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA DNS,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [16/45]: enabling entryUSN plugin >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/entryusn.ldif -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=replace nsslapd-entryusn-global: > on >modifying entry "cn=config" >modify complete > >replace nsslapd-entryusn-import-initval: > next >modifying entry "cn=config" >modify complete > >replace nsslapd-pluginenabled: > on >modifying entry "cn=USN,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [17/45]: configuring lockout plugin >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/lockout-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Lockout >add nsslapd-pluginpath: > libipa_lockout >add nsslapd-plugininitfunc: > ipalockout_init >add nsslapd-plugintype: > object >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipalockout_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Lockout plugin >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA Lockout,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [18/45]: configuring topology plugin >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpe2ca3_8m -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Topology Configuration >add nsslapd-pluginPath: > libtopology >add nsslapd-pluginInitfunc: > ipa_topo_init >add nsslapd-pluginType: > object >add nsslapd-pluginEnabled: > on >add nsslapd-topo-plugin-shared-config-base: > cn=ipa,cn=etc,dc=ipa,dc=test >add nsslapd-topo-plugin-shared-replica-root: > dc=ipa,dc=test > o=ipaca >add nsslapd-topo-plugin-shared-binddngroup: > cn=replication managers,cn=sysaccounts,cn=etc,dc=ipa,dc=test >add nsslapd-topo-plugin-startup-delay: > 20 >add nsslapd-pluginId: > none >add nsslapd-plugin-depends-on-named: > ldbm database > Multimaster Replication Plugin >add nsslapd-pluginVersion: > 1.0 >add nsslapd-pluginVendor: > none >add nsslapd-pluginDescription: > none >adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [19/45]: creating indices >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/indices.ldif -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=add objectClass: > top > nsIndex >add cn: > krbPrincipalName >add nsSystemIndex: > false >add nsIndexType: > eq > sub >add nsMatchingRule: > caseIgnoreIA5Match > caseExactIA5Match >adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > ou >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > carLicense >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > title >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > manager >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > secretary >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > displayname >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add nsIndexType: > sub >modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > uidnumber >add nsSystemIndex: > false >add nsIndexType: > eq >add nsMatchingRule: > integerOrderingMatch >adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > gidnumber >add nsSystemIndex: > false >add nsIndexType: > eq >add nsMatchingRule: > integerOrderingMatch >adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >replace nsIndexType: > eq > pres >modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >replace nsIndexType: > eq > pres >modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add ObjectClass: > top > nsIndex >add cn: > fqdn >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add ObjectClass: > top > nsIndex >add cn: > macAddress >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberHost >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberUser >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > sourcehost >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberservice >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > managedby >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberallowcmd >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberdenycmd >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipasudorunas >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipasudorunasgroup >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > automountkey >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipakrbprincipalalias >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipauniqueid >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipaMemberCa >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipaMemberCertProfile >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > userCertificate >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipalocation >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > krbCanonicalName >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > serverhostname >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [20/45]: enabling referential integrity plugin >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/referint-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=replace nsslapd-pluginenabled: > on >modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [21/45]: configuring certmap.conf >2017-12-12T07:42:33Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2017-12-12T07:42:33Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2017-12-12T07:42:33Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [22/45]: configure new location for managed entries >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp9lg4zrfu -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=add nsslapd-pluginConfigArea: > cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=test >modifying entry "cn=Managed Entries,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [23/45]: configure dirsrv ccache >2017-12-12T07:42:33Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' >2017-12-12T07:42:33Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/sbin/selinuxenabled >2017-12-12T07:42:33Z DEBUG Process finished, return code=1 >2017-12-12T07:42:33Z DEBUG stdout= >2017-12-12T07:42:33Z DEBUG stderr= >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [24/45]: enabling SASL mapping fallback >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpfgu37l_5 -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback: > on >modifying entry "cn=config" >modify complete > > >2017-12-12T07:42:33Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:33Z DEBUG duration: 0 seconds >2017-12-12T07:42:33Z DEBUG [25/45]: restarting directory server >2017-12-12T07:42:33Z DEBUG Destroyed connection context.ldap2_140134590517880 >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/bin/systemctl --system daemon-reload >2017-12-12T07:42:33Z DEBUG Process finished, return code=0 >2017-12-12T07:42:33Z DEBUG stdout= >2017-12-12T07:42:33Z DEBUG stderr= >2017-12-12T07:42:33Z DEBUG Starting external process >2017-12-12T07:42:33Z DEBUG args=/bin/systemctl restart dirsrv@IPA-TEST.service >2017-12-12T07:42:39Z DEBUG Process finished, return code=0 >2017-12-12T07:42:39Z DEBUG stdout= >2017-12-12T07:42:39Z DEBUG stderr=Failed to open /dev/tty: No such device or address > >2017-12-12T07:42:39Z DEBUG Starting external process >2017-12-12T07:42:39Z DEBUG args=/bin/systemctl is-active dirsrv@IPA-TEST.service >2017-12-12T07:42:39Z DEBUG Process finished, return code=0 >2017-12-12T07:42:39Z DEBUG stdout=active > >2017-12-12T07:42:39Z DEBUG stderr= >2017-12-12T07:42:39Z DEBUG wait_for_open_ports: localhost [389] timeout 300 >2017-12-12T07:42:39Z DEBUG waiting for port: 389 >2017-12-12T07:42:39Z DEBUG SUCCESS: port: 389 >2017-12-12T07:42:39Z DEBUG Starting external process >2017-12-12T07:42:39Z DEBUG args=/bin/systemctl is-active dirsrv@IPA-TEST.service >2017-12-12T07:42:39Z DEBUG Process finished, return code=0 >2017-12-12T07:42:39Z DEBUG stdout=active > >2017-12-12T07:42:39Z DEBUG stderr= >2017-12-12T07:42:39Z DEBUG Created connection context.ldap2_140134590517880 >2017-12-12T07:42:39Z DEBUG duration: 5 seconds >2017-12-12T07:42:39Z DEBUG [26/45]: adding sasl mappings to the directory >2017-12-12T07:42:39Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket from SchemaCache >2017-12-12T07:42:39Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f739feae550> >2017-12-12T07:42:40Z DEBUG duration: 0 seconds >2017-12-12T07:42:40Z DEBUG [27/45]: adding default layout >2017-12-12T07:42:40Z DEBUG Starting external process >2017-12-12T07:42:40Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp4jdz8dre -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:41Z DEBUG Process finished, return code=0 >2017-12-12T07:42:41Z DEBUG stdout=add objectClass: > top > nsContainer >add cn: > accounts >adding new entry "cn=accounts,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > users >adding new entry "cn=users,cn=accounts,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > groups >adding new entry "cn=groups,cn=accounts,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > services >adding new entry "cn=services,cn=accounts,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > computers >adding new entry "cn=computers,cn=accounts,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > hostgroups >adding new entry "cn=hostgroups,cn=accounts,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer >add cn: > alt >adding new entry "cn=alt,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer >add cn: > ng >adding new entry "cn=ng,cn=alt,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer >add cn: > automount >adding new entry "cn=automount,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer >add cn: > default >adding new entry "cn=default,cn=automount,dc=ipa,dc=test" >modify complete > >add objectClass: > automountMap >add automountMapName: > auto.master >adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=ipa,dc=test" >modify complete > >add objectClass: > automountMap >add automountMapName: > auto.direct >adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=ipa,dc=test" >modify complete > >add objectClass: > automount >add automountKey: > /- >add automountInformation: > auto.direct >add description: > /- auto.direct >adding new entry "description=/- auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbac >adding new entry "cn=hbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbacservices >adding new entry "cn=hbacservices,cn=hbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbacservicegroups >adding new entry "cn=hbacservicegroups,cn=hbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudo >adding new entry "cn=sudo,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudocmds >adding new entry "cn=sudocmds,cn=sudo,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudocmdgroups >adding new entry "cn=sudocmdgroups,cn=sudo,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudorules >adding new entry "cn=sudorules,cn=sudo,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > etc >adding new entry "cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > locations >adding new entry "cn=locations,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > sysaccounts >adding new entry "cn=sysaccounts,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > ipa >adding new entry "cn=ipa,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > masters >adding new entry "cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > replicas >adding new entry "cn=replicas,cn=ipa,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > dna >adding new entry "cn=dna,cn=ipa,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > posix-ids >adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > ca_renewal >adding new entry "cn=ca_renewal,cn=ipa,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > certificates >adding new entry "cn=certificates,cn=ipa,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > custodia >adding new entry "cn=custodia,cn=ipa,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > dogtag >adding new entry "cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > s4u2proxy >adding new entry "cn=s4u2proxy,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > ipaKrb5DelegationACL > groupOfPrincipals > top >add cn: > ipa-http-delegation >add memberPrincipal: > HTTP/master.ipa.test@IPA.TEST >add ipaAllowedTarget: > cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=ipa,dc=test > cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=ipa,dc=test >adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > groupOfPrincipals > top >add cn: > ipa-ldap-delegation-targets >add memberPrincipal: > ldap/master.ipa.test@IPA.TEST >adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > groupOfPrincipals > top >add cn: > ipa-cifs-delegation-targets >adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > top > person > posixaccount > krbprincipalaux > krbticketpolicyaux > inetuser > ipaobject > ipasshuser >add uid: > admin >add krbPrincipalName: > admin@IPA.TEST >add cn: > Administrator >add sn: > Administrator >add uidNumber: > 1390000000 >add gidNumber: > 1390000000 >add homeDirectory: > /home/admin >add loginShell: > /bin/bash >add gecos: > Administrator >add nsAccountLock: > FALSE >add ipaUniqueID: > autogenerate >adding new entry "uid=admin,cn=users,cn=accounts,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > posixgroup > ipausergroup > ipaobject >add cn: > admins >add description: > Account administrators group >add gidNumber: > 1390000000 >add member: > uid=admin,cn=users,cn=accounts,dc=ipa,dc=test >add nsAccountLock: > FALSE >add ipaUniqueID: > autogenerate >adding new entry "cn=admins,cn=groups,cn=accounts,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup > ipausergroup > ipaobject >add description: > Default group for all users >add cn: > ipausers >add ipaUniqueID: > autogenerate >adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > posixgroup > ipausergroup > ipaobject >add gidNumber: > 1390000002 >add description: > Limited admins who can edit other users >add cn: > editors >add ipaUniqueID: > autogenerate >adding new entry "cn=editors,cn=groups,cn=accounts,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupOfNames > nestedGroup > ipaobject > ipahostgroup >add description: > IPA server hosts >add cn: > ipaservers >add ipaUniqueID: > autogenerate >adding new entry "cn=ipaservers,cn=hostgroups,cn=accounts,dc=ipa,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sshd >add description: > sshd >add ipauniqueid: > autogenerate >adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=ipa,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > ftp >add description: > ftp >add ipauniqueid: > autogenerate >adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=ipa,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > su >add description: > su >add ipauniqueid: > autogenerate >adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=ipa,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > login >add description: > login >add ipauniqueid: > autogenerate >adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=ipa,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > su-l >add description: > su with login shell >add ipauniqueid: > autogenerate >adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=ipa,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sudo >add description: > sudo >add ipauniqueid: > autogenerate >adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=ipa,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sudo-i >add description: > sudo-i >add ipauniqueid: > autogenerate >adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=ipa,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > gdm >add description: > gdm >add ipauniqueid: > autogenerate >adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=ipa,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > gdm-password >add description: > gdm-password >add ipauniqueid: > autogenerate >adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=ipa,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > kdm >add description: > kdm >add ipauniqueid: > autogenerate >adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=ipa,dc=test" >modify complete > >add objectClass: > ipaobject > ipahbacservicegroup > nestedGroup > groupOfNames > top >add cn: > Sudo >add ipauniqueid: > autogenerate >add description: > Default group of Sudo related services >add member: > cn=sudo,cn=hbacservices,cn=hbac,dc=ipa,dc=test > cn=sudo-i,cn=hbacservices,cn=hbac,dc=ipa,dc=test >adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top > ipaGuiConfig > ipaConfigObject >add ipaUserSearchFields: > uid,givenname,sn,telephonenumber,ou,title >add ipaGroupSearchFields: > cn,description >add ipaSearchTimeLimit: > 2 >add ipaSearchRecordsLimit: > 100 >add ipaHomesRootDir: > /home >add ipaDefaultLoginShell: > /bin/sh >add ipaDefaultPrimaryGroup: > ipausers >add ipaMaxUsernameLength: > 32 >add ipaPwdExpAdvNotify: > 4 >add ipaGroupObjectClasses: > top > groupofnames > nestedgroup > ipausergroup > ipaobject >add ipaUserObjectClasses: > top > person > organizationalperson > inetorgperson > inetuser > posixaccount > krbprincipalaux > krbticketpolicyaux > ipaobject > ipasshuser >add ipaDefaultEmailDomain: > ipa.test >add ipaMigrationEnabled: > FALSE >add ipaConfigString: > AllowNThash > KDC:Disable Last Success >add ipaSELinuxUserMapOrder: > guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 >add ipaSELinuxUserMapDefault: > unconfined_u:s0-s0:c0.c1023 >adding new entry "cn=ipaConfig,cn=etc,dc=ipa,dc=test" >modify complete > >add objectclass: > top > nsContainer >add cn: > cosTemplates >adding new entry "cn=cosTemplates,cn=accounts,dc=ipa,dc=test" >modify complete > >add description: > Password Policy based on group membership >add objectClass: > top > ldapsubentry > cosSuperDefinition > cosClassicDefinition >add cosTemplateDn: > cn=cosTemplates,cn=accounts,dc=ipa,dc=test >add cosAttribute: > krbPwdPolicyReference override >add cosSpecifier: > memberOf >adding new entry "cn=Password Policy,cn=accounts,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > selinux >adding new entry "cn=selinux,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > usermap >adding new entry "cn=usermap,cn=selinux,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > ranges >adding new entry "cn=ranges,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > top > ipaIDrange > ipaDomainIDRange >add cn: > IPA.TEST_id_range >add ipaBaseID: > 1390000000 >add ipaIDRangeSize: > 200000 >add ipaRangeType: > ipa-local >adding new entry "cn=IPA.TEST_id_range,cn=ranges,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > ca >adding new entry "cn=ca,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > certprofiles >adding new entry "cn=certprofiles,cn=ca,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > caacls >adding new entry "cn=caacls,cn=ca,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > cas >adding new entry "cn=cas,cn=ca,dc=ipa,dc=test" >modify complete > > >2017-12-12T07:42:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:41Z DEBUG duration: 1 seconds >2017-12-12T07:42:41Z DEBUG [28/45]: adding delegation layout >2017-12-12T07:42:41Z DEBUG Starting external process >2017-12-12T07:42:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpi40jc7y2 -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:41Z DEBUG Process finished, return code=0 >2017-12-12T07:42:41Z DEBUG stdout=add objectClass: > top > nsContainer >add cn: > roles >adding new entry "cn=roles,cn=accounts,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > pbac >adding new entry "cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > privileges >adding new entry "cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > permissions >adding new entry "cn=permissions,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > helpdesk >add description: > Helpdesk >adding new entry "cn=helpdesk,cn=roles,cn=accounts,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > User Administrators >add description: > User Administrators >adding new entry "cn=User Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Group Administrators >add description: > Group Administrators >adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Administrators >add description: > Host Administrators >adding new entry "cn=Host Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Group Administrators >add description: > Host Group Administrators >adding new entry "cn=Host Group Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Delegation Administrator >add description: > Role administration >adding new entry "cn=Delegation Administrator,cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > DNS Administrators >add description: > DNS Administrators >adding new entry "cn=DNS Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > DNS Servers >add description: > DNS Servers >adding new entry "cn=DNS Servers,cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Service Administrators >add description: > Service Administrators >adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Automount Administrators >add description: > Automount Administrators >adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Netgroups Administrators >add description: > Netgroups Administrators >adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Certificate Administrators >add description: > Certificate Administrators >adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Replication Administrators >add description: > Replication Administrators >add member: > cn=admins,cn=groups,cn=accounts,dc=ipa,dc=test >adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Enrollment >add description: > Host Enrollment >adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Stage User Administrators >add description: > Stage User Administrators >adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Stage User Provisioning >add description: > Stage User Provisioning >adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Add Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test >adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Modify Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test >adding new entry "cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Read Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test >adding new entry "cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Remove Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test >adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Modify DNA Range >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test >adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > virtual operations >adding new entry "cn=virtual operations,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Retrieve Certificates from the CA >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test >adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=ipa,dc=test" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=ipa,dc=test" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=ipa,dc=test";) >modifying entry "dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Request Certificate >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test >adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=ipa,dc=test" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=ipa,dc=test" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=ipa,dc=test";) >modifying entry "dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Request Certificates from a different host >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test >adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=ipa,dc=test" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=ipa,dc=test" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=ipa,dc=test";) >modifying entry "dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Get Certificates status from the CA >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test >adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=ipa,dc=test" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=ipa,dc=test" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=ipa,dc=test";) >modifying entry "dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Revoke Certificate >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test >adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=ipa,dc=test" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=ipa,dc=test" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=ipa,dc=test";) >modifying entry "dc=ipa,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Certificate Remove Hold >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=ipa,dc=test >adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=ipa,dc=test" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=ipa,dc=test" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=ipa,dc=test";) >modifying entry "dc=ipa,dc=test" >modify complete > > >2017-12-12T07:42:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:41Z DEBUG duration: 0 seconds >2017-12-12T07:42:41Z DEBUG [29/45]: creating container for managed entries >2017-12-12T07:42:41Z DEBUG Starting external process >2017-12-12T07:42:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp2613hnjq -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:41Z DEBUG Process finished, return code=0 >2017-12-12T07:42:41Z DEBUG stdout=add objectClass: > nsContainer > top >add cn: > Managed Entries >adding new entry "cn=Managed Entries,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > Templates >adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=ipa,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > Definitions >adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=test" >modify complete > > >2017-12-12T07:42:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:41Z DEBUG duration: 0 seconds >2017-12-12T07:42:41Z DEBUG [30/45]: configuring user private groups >2017-12-12T07:42:41Z DEBUG Starting external process >2017-12-12T07:42:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp5m2vljb0 -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:41Z DEBUG Process finished, return code=0 >2017-12-12T07:42:41Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > UPG Template >add mepRDNAttr: > cn >add mepStaticAttr: > objectclass: posixgroup > objectclass: ipaobject > ipaUniqueId: autogenerate >add mepMappedAttr: > cn: $uid > gidNumber: $uidNumber > description: User private group for $uid >adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=ipa,dc=test" >modify complete > >add objectclass: > extensibleObject >add cn: > UPG Definition >add originScope: > cn=users,cn=accounts,dc=ipa,dc=test >add originFilter: > (&(objectclass=posixAccount)(!(description=__no_upg__))) >add managedBase: > cn=groups,cn=accounts,dc=ipa,dc=test >add managedTemplate: > cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=ipa,dc=test >adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=test" >modify complete > > >2017-12-12T07:42:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:41Z DEBUG duration: 0 seconds >2017-12-12T07:42:41Z DEBUG [31/45]: configuring netgroups from hostgroups >2017-12-12T07:42:41Z DEBUG Starting external process >2017-12-12T07:42:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpksa3guhy -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:41Z DEBUG Process finished, return code=0 >2017-12-12T07:42:41Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > NGP HGP Template >add mepRDNAttr: > cn >add mepStaticAttr: > ipaUniqueId: autogenerate > objectclass: ipanisnetgroup > objectclass: ipaobject > nisDomainName: ipa.test >add mepMappedAttr: > cn: $cn > memberHost: $dn > description: ipaNetgroup $cn >adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=ipa,dc=test" >modify complete > >add objectclass: > extensibleObject >add cn: > NGP Definition >add originScope: > cn=hostgroups,cn=accounts,dc=ipa,dc=test >add originFilter: > objectclass=ipahostgroup >add managedBase: > cn=ng,cn=alt,dc=ipa,dc=test >add managedTemplate: > cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=ipa,dc=test >adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=test" >modify complete > > >2017-12-12T07:42:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:41Z DEBUG duration: 0 seconds >2017-12-12T07:42:41Z DEBUG [32/45]: creating default Sudo bind user >2017-12-12T07:42:41Z DEBUG Starting external process >2017-12-12T07:42:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpw52u4vtg -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:41Z DEBUG Process finished, return code=0 >2017-12-12T07:42:41Z DEBUG stdout=add objectclass: > account > simplesecurityobject >add uid: > sudo >add userPassword: > XXXXXXXX >add passwordExpirationTime: > 20380119031407Z >add nsIdleTimeout: > 0 >adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=ipa,dc=test" >modify complete > > >2017-12-12T07:42:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:41Z DEBUG duration: 0 seconds >2017-12-12T07:42:41Z DEBUG [33/45]: creating default Auto Member layout >2017-12-12T07:42:41Z DEBUG Starting external process >2017-12-12T07:42:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp9covv7ox -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:42Z DEBUG Process finished, return code=0 >2017-12-12T07:42:42Z DEBUG stdout=add nsslapd-pluginConfigArea: > cn=automember,cn=etc,dc=ipa,dc=test >modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsContainer >add cn: > automember >adding new entry "cn=automember,cn=etc,dc=ipa,dc=test" >modify complete > >add objectclass: > autoMemberDefinition >add cn: > Hostgroup >add autoMemberScope: > cn=computers,cn=accounts,dc=ipa,dc=test >add autoMemberFilter: > objectclass=ipaHost >add autoMemberGroupingAttr: > member:dn >adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=ipa,dc=test" >modify complete > >add objectclass: > autoMemberDefinition >add cn: > Group >add autoMemberScope: > cn=users,cn=accounts,dc=ipa,dc=test >add autoMemberFilter: > objectclass=posixAccount >add autoMemberGroupingAttr: > member:dn >adding new entry "cn=Group,cn=automember,cn=etc,dc=ipa,dc=test" >modify complete > > >2017-12-12T07:42:42Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:42Z DEBUG duration: 0 seconds >2017-12-12T07:42:42Z DEBUG [34/45]: adding range check plugin >2017-12-12T07:42:42Z DEBUG Starting external process >2017-12-12T07:42:42Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpks8zygpk -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:42Z DEBUG Process finished, return code=0 >2017-12-12T07:42:42Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Range-Check >add nsslapd-pluginpath: > libipa_range_check >add nsslapd-plugininitfunc: > ipa_range_check_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_range_check_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Range-Check plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=ipa,dc=test >adding new entry "cn=IPA Range-Check,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:42Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:42Z DEBUG duration: 0 seconds >2017-12-12T07:42:42Z DEBUG [35/45]: creating default HBAC rule allow_all >2017-12-12T07:42:42Z DEBUG Starting external process >2017-12-12T07:42:42Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpsm0pg4ub -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:42Z DEBUG Process finished, return code=0 >2017-12-12T07:42:42Z DEBUG stdout=add objectclass: > ipaassociation > ipahbacrule >add cn: > allow_all >add accessruletype: > allow >add usercategory: > all >add hostcategory: > all >add servicecategory: > all >add ipaenabledflag: > TRUE >add description: > Allow all users to access any host from any host >add ipauniqueid: > autogenerate >adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=ipa,dc=test" >modify complete > > >2017-12-12T07:42:42Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:42Z DEBUG duration: 0 seconds >2017-12-12T07:42:42Z DEBUG [36/45]: adding entries for topology management >2017-12-12T07:42:42Z DEBUG Starting external process >2017-12-12T07:42:42Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpt_wll_gb -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:42Z DEBUG Process finished, return code=0 >2017-12-12T07:42:42Z DEBUG stdout=add objectclass: > top > nsContainer >add cn: > topology >adding new entry "cn=topology,cn=ipa,cn=etc,dc=ipa,dc=test" >modify complete > >add objectclass: > top > iparepltopoconf >add ipaReplTopoConfRoot: > dc=ipa,dc=test >add nsDS5ReplicatedAttributeList: > (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >add nsDS5ReplicatedAttributeListTotal: > (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >add nsds5ReplicaStripAttrs: > modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp >add cn: > domain >adding new entry "cn=domain,cn=topology,cn=ipa,cn=etc,dc=ipa,dc=test" >modify complete > > >2017-12-12T07:42:42Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:42Z DEBUG duration: 0 seconds >2017-12-12T07:42:42Z DEBUG [37/45]: initializing group membership >2017-12-12T07:42:42Z DEBUG Starting external process >2017-12-12T07:42:42Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpb73ecuyf -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:42Z DEBUG Process finished, return code=0 >2017-12-12T07:42:42Z DEBUG stdout=add objectClass: > top > extensibleObject >add cn: > IPA install >add basedn: > dc=ipa,dc=test >add filter: > (objectclass=*) >add ttl: > 10 >adding new entry "cn=IPA install 1513064540, cn=memberof task, cn=tasks, cn=config" >modify complete > > >2017-12-12T07:42:42Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:42Z DEBUG Waiting for memberof task to complete. >2017-12-12T07:42:42Z DEBUG retrieving schema for SchemaCache url=ldap://master.ipa.test:389 conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f739e990cf8> >2017-12-12T07:42:43Z DEBUG duration: 1 seconds >2017-12-12T07:42:43Z DEBUG [38/45]: adding master entry >2017-12-12T07:42:43Z DEBUG Starting external process >2017-12-12T07:42:43Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp8bbr51dv -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:43Z DEBUG Process finished, return code=0 >2017-12-12T07:42:43Z DEBUG stdout=add objectclass: > top > nsContainer > ipaReplTopoManagedServer > ipaConfigObject > ipaSupportedDomainLevelConfig >add cn: > master.ipa.test >add ipaReplTopoManagedSuffix: > dc=ipa,dc=test >add ipaMinDomainLevel: > 0 >add ipaMaxDomainLevel: > 1 >adding new entry "cn=master.ipa.test,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test" >modify complete > > >2017-12-12T07:42:43Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:43Z DEBUG duration: 0 seconds >2017-12-12T07:42:43Z DEBUG [39/45]: initializing domain level >2017-12-12T07:42:43Z DEBUG Starting external process >2017-12-12T07:42:43Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp5lzqvl3x -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:43Z DEBUG Process finished, return code=0 >2017-12-12T07:42:43Z DEBUG stdout=add objectClass: > top > nsContainer > ipaDomainLevelConfig >add ipaDomainLevel: > 1 >adding new entry "cn=Domain Level,cn=ipa,cn=etc,dc=ipa,dc=test" >modify complete > > >2017-12-12T07:42:43Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:43Z DEBUG duration: 0 seconds >2017-12-12T07:42:43Z DEBUG [40/45]: configuring Posix uid/gid generation >2017-12-12T07:42:43Z DEBUG Starting external process >2017-12-12T07:42:43Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpftegg_z4 -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:43Z DEBUG Process finished, return code=0 >2017-12-12T07:42:43Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > Posix IDs >add dnaType: > uidNumber > gidNumber >add dnaNextValue: > 1390000000 >add dnaMaxValue: > 1390199999 >add dnaMagicRegen: > -1 >add dnaFilter: > (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) >add dnaScope: > dc=ipa,dc=test >add dnaThreshold: > 500 >add dnaSharedCfgDN: > cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=ipa,dc=test >add dnaExcludeScope: > cn=provisioning,dc=ipa,dc=test >adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > >replace nsslapd-pluginEnabled: > on >modifying entry "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:43Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:43Z DEBUG duration: 0 seconds >2017-12-12T07:42:43Z DEBUG [41/45]: adding replication acis >2017-12-12T07:42:43Z DEBUG Starting external process >2017-12-12T07:42:43Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpwn24u2os -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:43Z DEBUG Process finished, return code=0 >2017-12-12T07:42:43Z DEBUG stdout=add aci: > (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=ipa,dc=test";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=ipa,dc=test";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=ipa,dc=test";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=ipa,dc=test";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=ipa,dc=test";) >modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > >add aci: > (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=ipa,dc=test";) >modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add aci: > (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=ipa,dc=test";) >modifying entry "cn=tasks,cn=config" >modify complete > > >2017-12-12T07:42:43Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:43Z DEBUG duration: 0 seconds >2017-12-12T07:42:43Z DEBUG [42/45]: activating sidgen plugin >2017-12-12T07:42:43Z DEBUG Starting external process >2017-12-12T07:42:43Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp6ft1uylk -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:43Z DEBUG Process finished, return code=0 >2017-12-12T07:42:43Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA SIDGEN >add nsslapd-pluginpath: > libipa_sidgen >add nsslapd-plugininitfunc: > ipa_sidgen_init >add nsslapd-plugintype: > postoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_sidgen_postop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA SIDGEN post operation >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=ipa,dc=test >adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:43Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:43Z DEBUG duration: 0 seconds >2017-12-12T07:42:43Z DEBUG [43/45]: activating extdom plugin >2017-12-12T07:42:43Z DEBUG Starting external process >2017-12-12T07:42:43Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpvlrb16kh -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:43Z DEBUG Process finished, return code=0 >2017-12-12T07:42:43Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_extdom_extop >add nsslapd-pluginpath: > libipa_extdom_extop >add nsslapd-plugininitfunc: > ipa_extdom_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_extdom_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Support resolving IDs in trusted domains to names and back >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=ipa,dc=test >adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:43Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:43Z DEBUG duration: 0 seconds >2017-12-12T07:42:43Z DEBUG [44/45]: tuning directory server >2017-12-12T07:42:43Z DEBUG Starting external process >2017-12-12T07:42:43Z DEBUG args=/usr/sbin/selinuxenabled >2017-12-12T07:42:43Z DEBUG Process finished, return code=1 >2017-12-12T07:42:43Z DEBUG stdout= >2017-12-12T07:42:43Z DEBUG stderr= >2017-12-12T07:42:43Z DEBUG Starting external process >2017-12-12T07:42:43Z DEBUG args=/bin/systemctl --system daemon-reload >2017-12-12T07:42:43Z DEBUG Process finished, return code=0 >2017-12-12T07:42:43Z DEBUG stdout= >2017-12-12T07:42:43Z DEBUG stderr= >2017-12-12T07:42:43Z DEBUG Destroyed connection context.ldap2_140134590517880 >2017-12-12T07:42:43Z DEBUG Starting external process >2017-12-12T07:42:43Z DEBUG args=/bin/systemctl --system daemon-reload >2017-12-12T07:42:43Z DEBUG Process finished, return code=0 >2017-12-12T07:42:43Z DEBUG stdout= >2017-12-12T07:42:43Z DEBUG stderr= >2017-12-12T07:42:43Z DEBUG Starting external process >2017-12-12T07:42:43Z DEBUG args=/bin/systemctl restart dirsrv@IPA-TEST.service >2017-12-12T07:42:49Z DEBUG Process finished, return code=0 >2017-12-12T07:42:49Z DEBUG stdout= >2017-12-12T07:42:49Z DEBUG stderr=Failed to open /dev/tty: No such device or address > >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=/bin/systemctl is-active dirsrv@IPA-TEST.service >2017-12-12T07:42:49Z DEBUG Process finished, return code=0 >2017-12-12T07:42:49Z DEBUG stdout=active > >2017-12-12T07:42:49Z DEBUG stderr= >2017-12-12T07:42:49Z DEBUG wait_for_open_ports: localhost [389] timeout 300 >2017-12-12T07:42:49Z DEBUG waiting for port: 389 >2017-12-12T07:42:49Z DEBUG SUCCESS: port: 389 >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=/bin/systemctl is-active dirsrv@IPA-TEST.service >2017-12-12T07:42:49Z DEBUG Process finished, return code=0 >2017-12-12T07:42:49Z DEBUG stdout=active > >2017-12-12T07:42:49Z DEBUG stderr= >2017-12-12T07:42:49Z DEBUG Created connection context.ldap2_140134590517880 >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpnu1dauvt -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:49Z DEBUG Process finished, return code=0 >2017-12-12T07:42:49Z DEBUG stdout=replace nsslapd-maxdescriptors: > 8192 >replace nsslapd-reservedescriptors: > 64 >modifying entry "cn=config" >modify complete > > >2017-12-12T07:42:49Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:49Z DEBUG duration: 5 seconds >2017-12-12T07:42:49Z DEBUG [45/45]: configuring directory to start on boot >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=/bin/systemctl is-enabled dirsrv@IPA-TEST.service >2017-12-12T07:42:49Z DEBUG Process finished, return code=0 >2017-12-12T07:42:49Z DEBUG stdout=enabled > >2017-12-12T07:42:49Z DEBUG stderr= >2017-12-12T07:42:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:49Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=/bin/systemctl disable dirsrv@IPA-TEST.service >2017-12-12T07:42:49Z DEBUG Process finished, return code=0 >2017-12-12T07:42:49Z DEBUG stdout= >2017-12-12T07:42:49Z DEBUG stderr=Removed /etc/systemd/system/dirsrv.target.wants/dirsrv@IPA-TEST.service. > >2017-12-12T07:42:49Z DEBUG duration: 0 seconds >2017-12-12T07:42:49Z DEBUG Done configuring directory server (dirsrv). >2017-12-12T07:42:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:49Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2017-12-12T07:42:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=/bin/systemctl is-active ntpd.service >2017-12-12T07:42:49Z DEBUG Process finished, return code=0 >2017-12-12T07:42:49Z DEBUG stdout=active > >2017-12-12T07:42:49Z DEBUG stderr= >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=/bin/systemctl disable ntpd.service >2017-12-12T07:42:49Z DEBUG Process finished, return code=0 >2017-12-12T07:42:49Z DEBUG stdout= >2017-12-12T07:42:49Z DEBUG stderr=Removed /etc/systemd/system/container-ipa.target.wants/ntpd.service. > >2017-12-12T07:42:49Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket from SchemaCache >2017-12-12T07:42:49Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f739e7fb390> >2017-12-12T07:42:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2017-12-12T07:42:49Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=/bin/systemctl start ntpd.service >2017-12-12T07:42:49Z DEBUG Process finished, return code=0 >2017-12-12T07:42:49Z DEBUG stdout= >2017-12-12T07:42:49Z DEBUG stderr= >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=/bin/systemctl is-active ntpd.service >2017-12-12T07:42:49Z DEBUG Process finished, return code=0 >2017-12-12T07:42:49Z DEBUG stdout=active > >2017-12-12T07:42:49Z DEBUG stderr= >2017-12-12T07:42:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=keyctl get_persistent @s 0 >2017-12-12T07:42:49Z DEBUG Process finished, return code=1 >2017-12-12T07:42:49Z DEBUG stdout= >2017-12-12T07:42:49Z DEBUG stderr=keyctl_get_persistent: Operation not permitted > >2017-12-12T07:42:49Z DEBUG Persistent keyring CCACHE is not enabled >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=/bin/systemctl is-active krb5kdc.service >2017-12-12T07:42:49Z DEBUG Process finished, return code=3 >2017-12-12T07:42:49Z DEBUG stdout=inactive > >2017-12-12T07:42:49Z DEBUG stderr= >2017-12-12T07:42:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:49Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=/bin/systemctl stop krb5kdc.service >2017-12-12T07:42:49Z DEBUG Process finished, return code=0 >2017-12-12T07:42:49Z DEBUG stdout= >2017-12-12T07:42:49Z DEBUG stderr= >2017-12-12T07:42:49Z DEBUG Configuring Kerberos KDC (krb5kdc) >2017-12-12T07:42:49Z DEBUG [1/10]: adding kerberos container to the directory >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp0xm9oeqd -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:49Z DEBUG Process finished, return code=0 >2017-12-12T07:42:49Z DEBUG stdout=add objectClass: > krbContainer > top >add cn: > kerberos >adding new entry "cn=kerberos,dc=ipa,dc=test" >modify complete > >add cn: > IPA.TEST >add objectClass: > top > krbrealmcontainer > krbticketpolicyaux >add krbSubTrees: > dc=ipa,dc=test >add krbSearchScope: > 2 >add krbSupportedEncSaltTypes: > aes256-cts:normal > aes256-cts:special > aes128-cts:normal > aes128-cts:special > des3-hmac-sha1:normal > des3-hmac-sha1:special > arcfour-hmac:normal > arcfour-hmac:special > camellia128-cts-cmac:normal > camellia128-cts-cmac:special > camellia256-cts-cmac:normal > camellia256-cts-cmac:special >add krbMaxTicketLife: > 86400 >add krbMaxRenewableAge: > 604800 >add krbDefaultEncSaltTypes: > aes256-cts:special > aes128-cts:special >adding new entry "cn=IPA.TEST,cn=kerberos,dc=ipa,dc=test" >modify complete > >add objectClass: > top > nsContainer > krbPwdPolicy >add krbMinPwdLife: > 3600 >add krbPwdMinDiffChars: > 0 >add krbPwdMinLength: > 8 >add krbPwdHistoryLength: > 0 >add krbMaxPwdLife: > 7776000 >add krbPwdMaxFailure: > 6 >add krbPwdFailureCountInterval: > 60 >add krbPwdLockoutDuration: > 600 >adding new entry "cn=global_policy,cn=IPA.TEST,cn=kerberos,dc=ipa,dc=test" >modify complete > > >2017-12-12T07:42:49Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:49Z DEBUG duration: 0 seconds >2017-12-12T07:42:49Z DEBUG [2/10]: configuring KDC >2017-12-12T07:42:49Z DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf' >2017-12-12T07:42:49Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2017-12-12T07:42:49Z DEBUG Backing up system configuration file '/etc/krb5.conf' >2017-12-12T07:42:49Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2017-12-12T07:42:49Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini' >2017-12-12T07:42:49Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb5.ini' doesn't exist >2017-12-12T07:42:49Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con' >2017-12-12T07:42:49Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb.con' doesn't exist >2017-12-12T07:42:49Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con' >2017-12-12T07:42:49Z DEBUG -> Not backing up - '/usr/share/ipa/html/krbrealm.con' doesn't exist >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=klist -V >2017-12-12T07:42:49Z DEBUG Process finished, return code=0 >2017-12-12T07:42:49Z DEBUG stdout=Kerberos 5 version 1.15.2 > >2017-12-12T07:42:49Z DEBUG stderr= >2017-12-12T07:42:49Z DEBUG Backing up system configuration file '/etc/sysconfig/krb5kdc' >2017-12-12T07:42:49Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=/usr/sbin/selinuxenabled >2017-12-12T07:42:49Z DEBUG Process finished, return code=1 >2017-12-12T07:42:49Z DEBUG stdout= >2017-12-12T07:42:49Z DEBUG stderr= >2017-12-12T07:42:49Z DEBUG duration: 0 seconds >2017-12-12T07:42:49Z DEBUG [3/10]: initialize kerberos container >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=kdb5_util create -s -r IPA.TEST -x ipa-setup-override-restrictions >2017-12-12T07:42:49Z DEBUG Process finished, return code=0 >2017-12-12T07:42:49Z DEBUG stdout=Loading random data >Initializing database '/var/kerberos/krb5kdc/principal' for realm 'IPA.TEST', >master key name 'K/M@IPA.TEST' >You will be prompted for the database Master Password. >It is important that you NOT FORGET this password. >Enter KDC database master key: >Re-enter KDC database master key to verify: > >2017-12-12T07:42:49Z DEBUG stderr= >2017-12-12T07:42:49Z DEBUG duration: 0 seconds >2017-12-12T07:42:49Z DEBUG [4/10]: adding default ACIs >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp3t8iksmn -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:49Z DEBUG Process finished, return code=0 >2017-12-12T07:42:49Z DEBUG stdout=add aci: > (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) >modifying entry "dc=ipa,dc=test" >modify complete > >add aci: > (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) > (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) > (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) >modifying entry "dc=ipa,dc=test" >modify complete > >add aci: > (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=ipa,dc=test";) >modifying entry "cn=etc,dc=ipa,dc=test" >modify complete > >add aci: > (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=ipa,dc=test";) >modifying entry "cn=ipa,cn=etc,dc=ipa,dc=test" >modify complete > >add aci: > (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=ipa,dc=test";) > (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=ipa,dc=test";) > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=ipa,dc=test";) > (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) >modifying entry "cn=accounts,dc=ipa,dc=test" >modify complete > >add aci: > (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ipa,dc=test")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=ipa,dc=test";) >modifying entry "cn=services,cn=accounts,dc=ipa,dc=test" >modify complete > >add aci: > (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) >modifying entry "cn=services,cn=accounts,dc=ipa,dc=test" >modify complete > >add aci: > (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) > (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) >modifying entry "cn=computers,cn=accounts,dc=ipa,dc=test" >modify complete > >add aci: > (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) > (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) >modifying entry "cn=computers,cn=accounts,dc=ipa,dc=test" >modify complete > >add aci: > (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=ipa,dc=test")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=ipa,dc=test";) >modifying entry "cn=computers,cn=accounts,dc=ipa,dc=test" >modify complete > >add aci: > (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) >modifying entry "cn=accounts,dc=ipa,dc=test" >modify complete > >add aci: > (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) > (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=ipa,dc=test")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) >modifying entry "dc=ipa,dc=test" >modify complete > > >2017-12-12T07:42:49Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:49Z DEBUG duration: 0 seconds >2017-12-12T07:42:49Z DEBUG [5/10]: creating a keytab for the directory >2017-12-12T07:42:49Z DEBUG Starting external process >2017-12-12T07:42:49Z DEBUG args=kadmin.local -q addprinc -randkey ldap/master.ipa.test@IPA.TEST -x ipa-setup-override-restrictions >2017-12-12T07:42:50Z DEBUG Process finished, return code=0 >2017-12-12T07:42:50Z DEBUG stdout=Authenticating as principal root/admin@IPA.TEST with password. >Principal "ldap/master.ipa.test@IPA.TEST" created. > >2017-12-12T07:42:50Z DEBUG stderr=WARNING: no policy specified for ldap/master.ipa.test@IPA.TEST; defaulting to no policy > >2017-12-12T07:42:50Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab' >2017-12-12T07:42:50Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist >2017-12-12T07:42:50Z DEBUG Starting external process >2017-12-12T07:42:50Z DEBUG args=kadmin.local -q ktadd -k /etc/dirsrv/ds.keytab ldap/master.ipa.test@IPA.TEST -x ipa-setup-override-restrictions >2017-12-12T07:42:50Z DEBUG Process finished, return code=0 >2017-12-12T07:42:50Z DEBUG stdout=Authenticating as principal root/admin@IPA.TEST with password. >Entry for principal ldap/master.ipa.test@IPA.TEST with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/master.ipa.test@IPA.TEST with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/master.ipa.test@IPA.TEST with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/master.ipa.test@IPA.TEST with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/master.ipa.test@IPA.TEST with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/master.ipa.test@IPA.TEST with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. > >2017-12-12T07:42:50Z DEBUG stderr= >2017-12-12T07:42:50Z DEBUG duration: 0 seconds >2017-12-12T07:42:50Z DEBUG [6/10]: creating a keytab for the machine >2017-12-12T07:42:50Z DEBUG Starting external process >2017-12-12T07:42:50Z DEBUG args=kadmin.local -q addprinc -randkey host/master.ipa.test@IPA.TEST -x ipa-setup-override-restrictions >2017-12-12T07:42:50Z DEBUG Process finished, return code=0 >2017-12-12T07:42:50Z DEBUG stdout=Authenticating as principal root/admin@IPA.TEST with password. >Principal "host/master.ipa.test@IPA.TEST" created. > >2017-12-12T07:42:50Z DEBUG stderr=WARNING: no policy specified for host/master.ipa.test@IPA.TEST; defaulting to no policy > >2017-12-12T07:42:50Z DEBUG Backing up system configuration file '/etc/krb5.keytab' >2017-12-12T07:42:50Z DEBUG -> Not backing up - '/etc/krb5.keytab' doesn't exist >2017-12-12T07:42:50Z DEBUG Starting external process >2017-12-12T07:42:50Z DEBUG args=kadmin.local -q ktadd -k /etc/krb5.keytab host/master.ipa.test@IPA.TEST -x ipa-setup-override-restrictions >2017-12-12T07:42:50Z DEBUG Process finished, return code=0 >2017-12-12T07:42:50Z DEBUG stdout=Authenticating as principal root/admin@IPA.TEST with password. >Entry for principal host/master.ipa.test@IPA.TEST with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/master.ipa.test@IPA.TEST with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/master.ipa.test@IPA.TEST with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/master.ipa.test@IPA.TEST with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/master.ipa.test@IPA.TEST with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/master.ipa.test@IPA.TEST with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. > >2017-12-12T07:42:50Z DEBUG stderr= >2017-12-12T07:42:50Z DEBUG importing all plugin modules in ipaserver.plugins... >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.aci >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.automember >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.automount >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.baseldap >2017-12-12T07:42:50Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.baseuser >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.batch >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.ca >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.caacl >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.cert >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.certmap >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.certprofile >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.config >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.delegation >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.dns >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.dogtag >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.group >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.hbac >2017-12-12T07:42:50Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.hbactest >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.host >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.idrange >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.idviews >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.internal >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.join >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.location >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.migration >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.misc >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.netgroup >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.otp >2017-12-12T07:42:50Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.otptoken >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.passwd >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.permission >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.ping >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.pkinit >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.privilege >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.rabase >2017-12-12T07:42:50Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.role >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.schema >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.selfservice >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.server >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.serverrole >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.serverroles >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.service >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.session >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.stageuser >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.sudo >2017-12-12T07:42:50Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.sudorule >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.topology >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.trust >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.user >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.vault >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.virtual >2017-12-12T07:42:50Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.whoami >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2017-12-12T07:42:50Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.dns >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2017-12-12T07:42:50Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2017-12-12T07:42:51Z DEBUG Created connection context.ldap2_140134558766528 >2017-12-12T07:42:51Z DEBUG Destroyed connection context.ldap2_140134558766528 >2017-12-12T07:42:51Z DEBUG Created connection context.ldap2_140134558766528 >2017-12-12T07:42:51Z DEBUG Parsing update file '/usr/share/ipa/updates/20-ipaservers_hostgroup.update' >2017-12-12T07:42:51Z DEBUG flushing ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket from SchemaCache >2017-12-12T07:42:51Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f739debb8d0> >2017-12-12T07:42:51Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=ipa,dc=test >2017-12-12T07:42:51Z DEBUG --------------------------------------------- >2017-12-12T07:42:51Z DEBUG Initial value >2017-12-12T07:42:51Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=ipa,dc=test >2017-12-12T07:42:51Z DEBUG objectClass: >2017-12-12T07:42:51Z DEBUG top >2017-12-12T07:42:51Z DEBUG groupOfNames >2017-12-12T07:42:51Z DEBUG nestedGroup >2017-12-12T07:42:51Z DEBUG ipaobject >2017-12-12T07:42:51Z DEBUG ipahostgroup >2017-12-12T07:42:51Z DEBUG description: >2017-12-12T07:42:51Z DEBUG IPA server hosts >2017-12-12T07:42:51Z DEBUG cn: >2017-12-12T07:42:51Z DEBUG ipaservers >2017-12-12T07:42:51Z DEBUG ipaUniqueID: >2017-12-12T07:42:51Z DEBUG 084ba07e-df10-11e7-91d3-0242ac110002 >2017-12-12T07:42:51Z DEBUG --------------------------------------------- >2017-12-12T07:42:51Z DEBUG Final value after applying updates >2017-12-12T07:42:51Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=ipa,dc=test >2017-12-12T07:42:51Z DEBUG objectClass: >2017-12-12T07:42:51Z DEBUG top >2017-12-12T07:42:51Z DEBUG groupOfNames >2017-12-12T07:42:51Z DEBUG nestedGroup >2017-12-12T07:42:51Z DEBUG ipaobject >2017-12-12T07:42:51Z DEBUG ipahostgroup >2017-12-12T07:42:51Z DEBUG description: >2017-12-12T07:42:51Z DEBUG IPA server hosts >2017-12-12T07:42:51Z DEBUG cn: >2017-12-12T07:42:51Z DEBUG ipaservers >2017-12-12T07:42:51Z DEBUG ipaUniqueID: >2017-12-12T07:42:51Z DEBUG 084ba07e-df10-11e7-91d3-0242ac110002 >2017-12-12T07:42:51Z DEBUG [] >2017-12-12T07:42:51Z DEBUG Updated 0 >2017-12-12T07:42:51Z DEBUG Done >2017-12-12T07:42:51Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=ipa,dc=test >2017-12-12T07:42:51Z DEBUG --------------------------------------------- >2017-12-12T07:42:51Z DEBUG Initial value >2017-12-12T07:42:51Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=ipa,dc=test >2017-12-12T07:42:51Z DEBUG objectClass: >2017-12-12T07:42:51Z DEBUG top >2017-12-12T07:42:51Z DEBUG groupOfNames >2017-12-12T07:42:51Z DEBUG nestedGroup >2017-12-12T07:42:51Z DEBUG ipaobject >2017-12-12T07:42:51Z DEBUG ipahostgroup >2017-12-12T07:42:51Z DEBUG description: >2017-12-12T07:42:51Z DEBUG IPA server hosts >2017-12-12T07:42:51Z DEBUG cn: >2017-12-12T07:42:51Z DEBUG ipaservers >2017-12-12T07:42:51Z DEBUG ipaUniqueID: >2017-12-12T07:42:51Z DEBUG 084ba07e-df10-11e7-91d3-0242ac110002 >2017-12-12T07:42:51Z DEBUG add: 'fqdn=master.ipa.test,cn=computers,cn=accounts,dc=ipa,dc=test' to member, current value [] >2017-12-12T07:42:51Z DEBUG add: updated value ['fqdn=master.ipa.test,cn=computers,cn=accounts,dc=ipa,dc=test'] >2017-12-12T07:42:51Z DEBUG --------------------------------------------- >2017-12-12T07:42:51Z DEBUG Final value after applying updates >2017-12-12T07:42:51Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=ipa,dc=test >2017-12-12T07:42:51Z DEBUG objectClass: >2017-12-12T07:42:51Z DEBUG top >2017-12-12T07:42:51Z DEBUG groupOfNames >2017-12-12T07:42:51Z DEBUG nestedGroup >2017-12-12T07:42:51Z DEBUG ipaobject >2017-12-12T07:42:51Z DEBUG ipahostgroup >2017-12-12T07:42:51Z DEBUG description: >2017-12-12T07:42:51Z DEBUG IPA server hosts >2017-12-12T07:42:51Z DEBUG cn: >2017-12-12T07:42:51Z DEBUG ipaservers >2017-12-12T07:42:51Z DEBUG ipaUniqueID: >2017-12-12T07:42:51Z DEBUG 084ba07e-df10-11e7-91d3-0242ac110002 >2017-12-12T07:42:51Z DEBUG member: >2017-12-12T07:42:51Z DEBUG fqdn=master.ipa.test,cn=computers,cn=accounts,dc=ipa,dc=test >2017-12-12T07:42:51Z DEBUG [(2, 'member', ['fqdn=master.ipa.test,cn=computers,cn=accounts,dc=ipa,dc=test'])] >2017-12-12T07:42:51Z DEBUG Updated 1 >2017-12-12T07:42:51Z DEBUG Done >2017-12-12T07:42:51Z DEBUG Destroyed connection context.ldap2_140134558766528 >2017-12-12T07:42:51Z DEBUG duration: 1 seconds >2017-12-12T07:42:51Z DEBUG [7/10]: adding the password extension to the directory >2017-12-12T07:42:51Z DEBUG Starting external process >2017-12-12T07:42:51Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpetevpwun -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:51Z DEBUG Process finished, return code=0 >2017-12-12T07:42:51Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_pwd_extop >add nsslapd-pluginpath: > libipa_pwd_extop >add nsslapd-plugininitfunc: > ipapwd_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginbetxn: > on >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_pwd_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Support saving passwords in multiple formats for different consumers (krb5, samba, freeradius, etc.) >add nsslapd-plugin-depends-on-type: > database >add nsslapd-realmTree: > dc=ipa,dc=test >adding new entry "cn=ipa_pwd_extop,cn=plugins,cn=config" >modify complete > > >2017-12-12T07:42:51Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:51Z DEBUG duration: 0 seconds >2017-12-12T07:42:51Z DEBUG [8/10]: creating anonymous principal >2017-12-12T07:42:51Z DEBUG Starting external process >2017-12-12T07:42:51Z DEBUG args=kadmin.local -q addprinc -randkey WELLKNOWN/ANONYMOUS@IPA.TEST -x ipa-setup-override-restrictions >2017-12-12T07:42:52Z DEBUG Process finished, return code=0 >2017-12-12T07:42:52Z DEBUG stdout=Authenticating as principal root/admin@IPA.TEST with password. >Principal "WELLKNOWN/ANONYMOUS@IPA.TEST" created. > >2017-12-12T07:42:52Z DEBUG stderr=WARNING: no policy specified for WELLKNOWN/ANONYMOUS@IPA.TEST; defaulting to no policy > >2017-12-12T07:42:52Z DEBUG Starting external process >2017-12-12T07:42:52Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmps1f3ctl5 -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -Y EXTERNAL >2017-12-12T07:42:52Z DEBUG Process finished, return code=0 >2017-12-12T07:42:52Z DEBUG stdout=add objectclass: > ipaAllowedOperations >add aci: > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) >add ipaAllowedToPerform;read_keys: > cn=ipaservers,cn=hostgroups,cn=accounts,dc=ipa,dc=test >modifying entry "krbPrincipalName=WELLKNOWN/ANONYMOUS@IPA.TEST,cn=IPA.TEST,cn=kerberos,dc=ipa,dc=test" >modify complete > > >2017-12-12T07:42:52Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2017-12-12T07:42:52Z DEBUG duration: 0 seconds >2017-12-12T07:42:52Z DEBUG [9/10]: starting the KDC >2017-12-12T07:42:52Z DEBUG Starting external process >2017-12-12T07:42:52Z DEBUG args=/bin/systemctl start krb5kdc.service >2017-12-12T07:42:52Z DEBUG Process finished, return code=0 >2017-12-12T07:42:52Z DEBUG stdout= >2017-12-12T07:42:52Z DEBUG stderr=Failed to open /dev/tty: No such device or address > >2017-12-12T07:42:52Z DEBUG Starting external process >2017-12-12T07:42:52Z DEBUG args=/bin/systemctl is-active krb5kdc.service >2017-12-12T07:42:52Z DEBUG Process finished, return code=0 >2017-12-12T07:42:52Z DEBUG stdout=active > >2017-12-12T07:42:52Z DEBUG stderr= >2017-12-12T07:42:52Z DEBUG duration: 0 seconds >2017-12-12T07:42:52Z DEBUG [10/10]: configuring KDC to start on boot >2017-12-12T07:42:52Z DEBUG Starting external process >2017-12-12T07:42:52Z DEBUG args=/bin/systemctl is-enabled krb5kdc.service >2017-12-12T07:42:52Z DEBUG Process finished, return code=1 >2017-12-12T07:42:52Z DEBUG stdout=disabled > >2017-12-12T07:42:52Z DEBUG stderr= >2017-12-12T07:42:52Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:52Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:52Z DEBUG Starting external process >2017-12-12T07:42:52Z DEBUG args=/bin/systemctl disable krb5kdc.service >2017-12-12T07:42:52Z DEBUG Process finished, return code=0 >2017-12-12T07:42:52Z DEBUG stdout= >2017-12-12T07:42:52Z DEBUG stderr= >2017-12-12T07:42:52Z DEBUG duration: 0 seconds >2017-12-12T07:42:52Z DEBUG Done configuring Kerberos KDC (krb5kdc). >2017-12-12T07:42:52Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:52Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2017-12-12T07:42:52Z DEBUG Configuring kadmin >2017-12-12T07:42:52Z DEBUG [1/2]: starting kadmin >2017-12-12T07:42:52Z DEBUG Starting external process >2017-12-12T07:42:52Z DEBUG args=/bin/systemctl is-active kadmin.service >2017-12-12T07:42:52Z DEBUG Process finished, return code=3 >2017-12-12T07:42:52Z DEBUG stdout=inactive > >2017-12-12T07:42:52Z DEBUG stderr= >2017-12-12T07:42:52Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:52Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:52Z DEBUG Starting external process >2017-12-12T07:42:52Z DEBUG args=/bin/systemctl restart kadmin.service >2017-12-12T07:42:52Z DEBUG Process finished, return code=0 >2017-12-12T07:42:52Z DEBUG stdout= >2017-12-12T07:42:52Z DEBUG stderr=Failed to open /dev/tty: No such device or address > >2017-12-12T07:42:52Z DEBUG Starting external process >2017-12-12T07:42:52Z DEBUG args=/bin/systemctl is-active kadmin.service >2017-12-12T07:42:52Z DEBUG Process finished, return code=0 >2017-12-12T07:42:52Z DEBUG stdout=active > >2017-12-12T07:42:52Z DEBUG stderr= >2017-12-12T07:42:52Z DEBUG duration: 0 seconds >2017-12-12T07:42:52Z DEBUG [2/2]: configuring kadmin to start on boot >2017-12-12T07:42:52Z DEBUG Starting external process >2017-12-12T07:42:52Z DEBUG args=/bin/systemctl is-enabled kadmin.service >2017-12-12T07:42:52Z DEBUG Process finished, return code=1 >2017-12-12T07:42:52Z DEBUG stdout=disabled > >2017-12-12T07:42:52Z DEBUG stderr= >2017-12-12T07:42:52Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:52Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:52Z DEBUG Starting external process >2017-12-12T07:42:52Z DEBUG args=/bin/systemctl disable kadmin.service >2017-12-12T07:42:52Z DEBUG Process finished, return code=0 >2017-12-12T07:42:52Z DEBUG stdout= >2017-12-12T07:42:52Z DEBUG stderr= >2017-12-12T07:42:52Z DEBUG duration: 0 seconds >2017-12-12T07:42:52Z DEBUG Done configuring kadmin. >2017-12-12T07:42:52Z DEBUG Starting external process >2017-12-12T07:42:52Z DEBUG args=/usr/bin/gpg-agent --batch --homedir /tmp/tmpz0gtfhb1ipa/ipa-kf_x4can/.gnupg --daemon /usr/bin/gpg --batch --homedir /tmp/tmpz0gtfhb1ipa/ipa-kf_x4can/.gnupg --passphrase-fd 0 --yes --no-tty -o /root/.ipa_cache -c /tmp/tmpz0gtfhb1ipa/cache >2017-12-12T07:42:52Z DEBUG Process finished, return code=0 >2017-12-12T07:42:52Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2017-12-12T07:42:52Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2017-12-12T07:42:52Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:52Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2017-12-12T07:42:52Z DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes >2017-12-12T07:42:52Z DEBUG [1/8]: configuring certificate server instance >2017-12-12T07:42:52Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:52Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2017-12-12T07:42:52Z DEBUG Contents of pkispawn configuration file (/tmp/tmpfk89bf3o): >[CA] >pki_security_domain_name = IPA >pki_enable_proxy = True >pki_restart_configured_instance = False >pki_backup_keys = True >pki_backup_password = XXXXXXXX >pki_profiles_in_ldap = True >pki_default_ocsp_uri = http://ipa-ca.ipa.test/ca/ocsp >pki_client_pkcs12_password = XXXXXXXX >pki_admin_name = admin >pki_admin_uid = admin >pki_admin_email = root@localhost >pki_admin_password = XXXXXXXX >pki_admin_nickname = ipa-ca-agent >pki_admin_subject_dn = cn=ipa-ca-agent,O=IPA.TEST >pki_client_admin_cert_p12 = /root/ca-agent.p12 >pki_ds_ldap_port = 389 >pki_ds_password = XXXXXXXX >pki_ds_base_dn = o=ipaca >pki_ds_database = ipaca >pki_subsystem_subject_dn = cn=CA Subsystem,O=IPA.TEST >pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=IPA.TEST >pki_ssl_server_subject_dn = cn=master.ipa.test,O=IPA.TEST >pki_audit_signing_subject_dn = cn=CA Audit,O=IPA.TEST >pki_ca_signing_subject_dn = CN=Certificate Authority,O=IPA.TEST >pki_subsystem_nickname = subsystemCert cert-pki-ca >pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca >pki_ssl_server_nickname = Server-Cert cert-pki-ca >pki_audit_signing_nickname = auditSigningCert cert-pki-ca >pki_ca_signing_nickname = caSigningCert cert-pki-ca >pki_ca_signing_key_algorithm = SHA256withRSA >pki_pin = XXXXXXXX >pki_external = True >pki_external_csr_path = /root/ipa.csr > > >2017-12-12T07:42:52Z DEBUG Starting external process >2017-12-12T07:42:52Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpfk89bf3o >2017-12-12T07:42:53Z DEBUG Process finished, return code=1 >2017-12-12T07:42:53Z DEBUG stdout=Log file: /var/log/pki/pki-ca-spawn.20171212074252.log >Loading deployment configuration from /tmp/tmpfk89bf3o. >WARNING: The 'pki_ssl_server_nickname' in [CA] has been deprecated. Use 'pki_sslserver_nickname' instead. >WARNING: The 'pki_ssl_server_subject_dn' in [CA] has been deprecated. Use 'pki_sslserver_subject_dn' instead. >WARNING: The 'pki_external_csr_path' in [CA] has been deprecated. Use 'pki_ca_signing_csr_path' instead. >Installing CA into /var/lib/pki/pki-tomcat. >Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg. > >Installation failed: Command '['openssl', 'rand', '-out', '/tmp/tmpJaE76a/noise.bin', '2048']' returned non-zero exit status 1 > > >2017-12-12T07:42:53Z DEBUG stderr=unable to write 'random state' > >2017-12-12T07:42:53Z CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpfk89bf3o' returned non-zero exit status 1. >2017-12-12T07:42:53Z CRITICAL See the installation logs and the following files/directories for more information: >2017-12-12T07:42:53Z CRITICAL /var/log/pki/pki-tomcat >2017-12-12T07:42:53Z DEBUG Traceback (most recent call last): > File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 147, in spawn_instance > ipautil.run(args, nolog=nolog_list) > File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 523, in run > raise CalledProcessError(p.returncode, arg_string, str(output)) >subprocess.CalledProcessError: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpfk89bf3o' returned non-zero exit status 1. > >During handling of the above exception, another exception occurred: > >Traceback (most recent call last): > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 506, in start_creation > run_step(full_msg, method) > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 496, in run_step > method() > File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 610, in __spawn_instance > pki_pin) > File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 149, in spawn_instance > self.handle_setup_error(e) > File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 389, in handle_setup_error > raise RuntimeError("%s configuration failed." % self.subsystem) >RuntimeError: CA configuration failed. > >2017-12-12T07:42:53Z DEBUG [error] RuntimeError: CA configuration failed. >2017-12-12T07:42:53Z DEBUG File "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 174, in execute > return_value = self.run() > File "/usr/lib/python3.6/site-packages/ipapython/install/cli.py", line 336, in run > cfgr.run() > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 364, in run > self.execute() > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 388, in execute > for _nothing in self._executor(): > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 430, in __runner > exc_handler(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 459, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 449, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise > raise value > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 420, in __runner > step() > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 417, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise > raise value > File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 654, in _configure > next(executor) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 430, in __runner > exc_handler(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 459, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 517, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 449, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise > raise value > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 514, in _handle_exception > super(ComponentBase, self)._handle_exception(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 449, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise > raise value > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 420, in __runner > step() > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 417, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise > raise value > File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line 66, in _install > for _nothing in self._installer(self.parent): > File "/usr/lib/python3.6/site-packages/ipaserver/install/server/__init__.py", line 578, in main > master_install(self) > File "/usr/lib/python3.6/site-packages/ipaserver/install/server/install.py", line 250, in decorated > func(installer) > File "/usr/lib/python3.6/site-packages/ipaserver/install/server/install.py", line 797, in install > ca.install_step_0(False, None, options) > File "/usr/lib/python3.6/site-packages/ipaserver/install/ca.py", line 289, in install_step_0 > use_ldaps=standalone) > File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 448, in configure_instance > self.start_creation(runtime=runtime) > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 506, in start_creation > run_step(full_msg, method) > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 496, in run_step > method() > File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 610, in __spawn_instance > pki_pin) > File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 149, in spawn_instance > self.handle_setup_error(e) > File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 389, in handle_setup_error > raise RuntimeError("%s configuration failed." % self.subsystem) > >2017-12-12T07:42:53Z DEBUG The ipa-server-install command failed, exception: RuntimeError: CA configuration failed. >2017-12-12T07:42:53Z ERROR CA configuration failed. >2017-12-12T07:42:53Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1366463">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1524833
:
1366462
| 1366463 |
1380037
|
1380067