Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 1484576 Details for
Bug 1630680
ipa-server-install fails with 'DatabaseError: Protocol error'
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
ipaserver install log
ipaserver-install.log (text/plain), 170.16 KB, created by
Sudhir Menon
on 2018-09-19 06:13:03 UTC
(
hide
)
Description:
ipaserver install log
Filename:
MIME Type:
Creator:
Sudhir Menon
Created:
2018-09-19 06:13:03 UTC
Size:
170.16 KB
patch
obsolete
>2018-09-19T05:33:10Z DEBUG Logging to /var/log/ipaserver-install.log >2018-09-19T05:33:10Z DEBUG ipa-server-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'ignore_topology_disconnect': False, 'verbose': False, 'domain_level': None, 'ip_addresses': [CheckedIPAddress('')], 'secondary_rid_base': None, 'netbios_name': None, 'mkhomedir': False, 'http_cert_files': None, 'zonemgr': None, 'no_pkinit': False, 'reverse_zones': None, 'no_forwarders': False, 'external_ca_profile': None, 'external_ca_type': None, 'no_ntp': False, 'no_msdcs': False, 'setup_kra': False, 'domain_name': 'sdrhel76.test', 'idmax': None, 'setup_adtrust': False, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': False, 'ca_signing_algorithm': None, 'no_reverse': False, 'ssh_trust_dns': False, 'pkinit_cert_files': None, 'ca_cert_files': None, 'subject_base': None, 'auto_reverse': True, 'auto_forwarders': True, 'no_host_dns': False, 'no_sshd': False, 'no_ui_redirect': False, 'ignore_last_of_role': False, 'realm_name': 'SDRHEL76.TEST', 'forwarders': None, 'idstart': None, 'external_ca': False, 'pkinit_cert_name': None, 'no_ssh': False, 'external_cert_files': None, 'enable_compat': False, 'no_hbac_allow': False, 'forward_policy': None, 'dirsrv_cert_name': None, 'unattended': True, 'rid_base': None, 'quiet': False, 'setup_dns': True, 'ca_subject': None, 'host_name': 'master.sdrhel76.test', 'dirsrv_config_file': None, 'log_file': None, 'allow_zone_overlap': True, 'uninstall': False} >2018-09-19T05:33:10Z DEBUG IPA version 4.6.4-10.el7 >2018-09-19T05:33:10Z DEBUG Searching for an interface of IP address: ::1 >2018-09-19T05:33:10Z DEBUG Testing local IP address: ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff (interface: lo) >2018-09-19T05:33:10Z DEBUG Starting external process >2018-09-19T05:33:10Z DEBUG args=/usr/sbin/selinuxenabled >2018-09-19T05:33:10Z DEBUG Process finished, return code=0 >2018-09-19T05:33:10Z DEBUG stdout= >2018-09-19T05:33:10Z DEBUG stderr= >2018-09-19T05:33:10Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:10Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:10Z DEBUG httpd is not configured >2018-09-19T05:33:10Z DEBUG kadmin is not configured >2018-09-19T05:33:10Z DEBUG dirsrv is not configured >2018-09-19T05:33:10Z DEBUG pki-tomcatd is not configured >2018-09-19T05:33:10Z DEBUG install is not configured >2018-09-19T05:33:10Z DEBUG krb5kdc is not configured >2018-09-19T05:33:10Z DEBUG ntpd is not configured >2018-09-19T05:33:10Z DEBUG named is not configured >2018-09-19T05:33:10Z DEBUG filestore is tracking no files >2018-09-19T05:33:10Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' >2018-09-19T05:33:10Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:10Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:10Z DEBUG Starting external process >2018-09-19T05:33:10Z DEBUG args=/bin/systemctl is-enabled chronyd.service >2018-09-19T05:33:10Z DEBUG Process finished, return code=0 >2018-09-19T05:33:10Z DEBUG stdout=enabled > >2018-09-19T05:33:10Z DEBUG stderr= >2018-09-19T05:33:10Z DEBUG Starting external process >2018-09-19T05:33:10Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS >2018-09-19T05:33:10Z DEBUG Process finished, return code=0 >2018-09-19T05:33:10Z DEBUG stdout=VirtualHost configuration: >*:8443 master.sdrhel76.test (/etc/httpd/conf.d/nss.conf:81) > >2018-09-19T05:33:10Z DEBUG stderr= >2018-09-19T05:33:10Z DEBUG Check if master.sdrhel76.test is a primary hostname for localhost >2018-09-19T05:33:10Z DEBUG Primary hostname for localhost: master.sdrhel76.test >2018-09-19T05:33:10Z DEBUG will use host_name: master.sdrhel76.test > >2018-09-19T05:33:10Z DEBUG importing all plugin modules in ipaserver.plugins... >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.aci >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.automember >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.automount >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.baseldap >2018-09-19T05:33:10Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.baseuser >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.batch >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.ca >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.caacl >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.cert >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.certmap >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.certprofile >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.config >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.delegation >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.dns >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.dogtag >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.group >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.hbac >2018-09-19T05:33:10Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.hbactest >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.host >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.idrange >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.idviews >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.internal >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.join >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.location >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.migration >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.misc >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.netgroup >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.otp >2018-09-19T05:33:10Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.otptoken >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.passwd >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.permission >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.ping >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.pkinit >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.privilege >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.rabase >2018-09-19T05:33:10Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.role >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.schema >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.selfservice >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.server >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.serverrole >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.serverroles >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.service >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.session >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.stageuser >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.sudo >2018-09-19T05:33:10Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.sudorule >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.topology >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.trust >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.user >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.vault >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.virtual >2018-09-19T05:33:10Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.whoami >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2018-09-19T05:33:10Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.dns >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2018-09-19T05:33:10Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2018-09-19T05:33:12Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:12Z INFO Checking DNS domain sdrhel76.test., please wait ... >2018-09-19T05:33:14Z WARNING Invalid IP address fe80::5054:ff:fe7e:edd6 for master.sdrhel76.test: cannot use link-local IP address fe80::5054:ff:fe7e:edd6 >2018-09-19T05:33:14Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo) >2018-09-19T05:33:14Z DEBUG Backing up system configuration file '/etc/hostname' >2018-09-19T05:33:14Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:14Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:14Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:14Z DEBUG Starting external process >2018-09-19T05:33:14Z DEBUG args=/bin/hostnamectl set-hostname master.sdrhel76.test >2018-09-19T05:33:14Z DEBUG Process finished, return code=0 >2018-09-19T05:33:14Z DEBUG stdout= >2018-09-19T05:33:14Z DEBUG stderr= >2018-09-19T05:33:14Z DEBUG Backing up system configuration file '/etc/hosts' >2018-09-19T05:33:14Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:14Z DEBUG Starting external process >2018-09-19T05:33:14Z DEBUG args=/bin/systemctl is-enabled chronyd.service >2018-09-19T05:33:14Z DEBUG Process finished, return code=0 >2018-09-19T05:33:14Z DEBUG stdout=enabled > >2018-09-19T05:33:14Z DEBUG stderr= >2018-09-19T05:33:14Z DEBUG Starting external process >2018-09-19T05:33:14Z DEBUG args=/bin/systemctl is-active chronyd.service >2018-09-19T05:33:14Z DEBUG Process finished, return code=0 >2018-09-19T05:33:14Z DEBUG stdout=active > >2018-09-19T05:33:14Z DEBUG stderr= >2018-09-19T05:33:14Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:14Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:14Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:14Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:14Z DEBUG Starting external process >2018-09-19T05:33:14Z DEBUG args=/bin/systemctl stop chronyd.service >2018-09-19T05:33:14Z DEBUG Process finished, return code=0 >2018-09-19T05:33:14Z DEBUG stdout= >2018-09-19T05:33:14Z DEBUG stderr= >2018-09-19T05:33:14Z DEBUG Stop of chronyd.service complete >2018-09-19T05:33:14Z DEBUG Starting external process >2018-09-19T05:33:14Z DEBUG args=/bin/systemctl disable chronyd.service >2018-09-19T05:33:15Z DEBUG Process finished, return code=0 >2018-09-19T05:33:15Z DEBUG stdout= >2018-09-19T05:33:15Z DEBUG stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/chronyd.service. > >2018-09-19T05:33:15Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:15Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:15Z DEBUG Configuring NTP daemon (ntpd) >2018-09-19T05:33:15Z DEBUG [1/4]: stopping ntpd >2018-09-19T05:33:15Z DEBUG Starting external process >2018-09-19T05:33:15Z DEBUG args=/bin/systemctl is-active ntpd.service >2018-09-19T05:33:15Z DEBUG Process finished, return code=3 >2018-09-19T05:33:15Z DEBUG stdout=inactive > >2018-09-19T05:33:15Z DEBUG stderr= >2018-09-19T05:33:15Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:15Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:15Z DEBUG Starting external process >2018-09-19T05:33:15Z DEBUG args=/bin/systemctl stop ntpd.service >2018-09-19T05:33:15Z DEBUG Process finished, return code=0 >2018-09-19T05:33:15Z DEBUG stdout= >2018-09-19T05:33:15Z DEBUG stderr= >2018-09-19T05:33:15Z DEBUG Stop of ntpd.service complete >2018-09-19T05:33:15Z DEBUG duration: 0 seconds >2018-09-19T05:33:15Z DEBUG [2/4]: writing configuration >2018-09-19T05:33:15Z DEBUG Backing up system configuration file '/etc/ntp.conf' >2018-09-19T05:33:15Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:15Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd' >2018-09-19T05:33:15Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:15Z DEBUG duration: 0 seconds >2018-09-19T05:33:15Z DEBUG [3/4]: configuring ntpd to start on boot >2018-09-19T05:33:15Z DEBUG Starting external process >2018-09-19T05:33:15Z DEBUG args=/bin/systemctl is-enabled ntpd.service >2018-09-19T05:33:15Z DEBUG Process finished, return code=1 >2018-09-19T05:33:15Z DEBUG stdout=disabled > >2018-09-19T05:33:15Z DEBUG stderr= >2018-09-19T05:33:15Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:15Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:15Z DEBUG Starting external process >2018-09-19T05:33:15Z DEBUG args=/bin/systemctl enable ntpd.service >2018-09-19T05:33:15Z DEBUG Process finished, return code=0 >2018-09-19T05:33:15Z DEBUG stdout= >2018-09-19T05:33:15Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service. > >2018-09-19T05:33:15Z DEBUG duration: 0 seconds >2018-09-19T05:33:15Z DEBUG [4/4]: starting ntpd >2018-09-19T05:33:15Z DEBUG Starting external process >2018-09-19T05:33:15Z DEBUG args=/bin/systemctl start ntpd.service >2018-09-19T05:33:15Z DEBUG Process finished, return code=0 >2018-09-19T05:33:15Z DEBUG stdout= >2018-09-19T05:33:15Z DEBUG stderr= >2018-09-19T05:33:15Z DEBUG Starting external process >2018-09-19T05:33:15Z DEBUG args=/bin/systemctl is-active ntpd.service >2018-09-19T05:33:15Z DEBUG Process finished, return code=0 >2018-09-19T05:33:15Z DEBUG stdout=active > >2018-09-19T05:33:15Z DEBUG stderr= >2018-09-19T05:33:15Z DEBUG Start of ntpd.service complete >2018-09-19T05:33:15Z DEBUG duration: 0 seconds >2018-09-19T05:33:15Z DEBUG Done configuring NTP daemon (ntpd). >2018-09-19T05:33:15Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:15Z DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds >2018-09-19T05:33:15Z DEBUG [1/44]: creating directory server instance >2018-09-19T05:33:15Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:15Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:15Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' >2018-09-19T05:33:15Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:15Z DEBUG >dn: dc=sdrhel76,dc=test >objectClass: top >objectClass: domain >objectClass: pilotObject >dc: sdrhel76 >info: IPA V2.0 > >2018-09-19T05:33:15Z DEBUG writing inf template >2018-09-19T05:33:15Z DEBUG >[General] >FullMachineName= master.sdrhel76.test >SuiteSpotUserID= dirsrv >SuiteSpotGroup= dirsrv >ServerRoot= /usr/lib64/dirsrv >[slapd] >ServerPort= 389 >ServerIdentifier= SDRHEL76-TEST >Suffix= dc=sdrhel76,dc=test >RootDN= cn=Directory Manager >InstallLdifFile= /var/lib/dirsrv/boot.ldif >inst_dir= /var/lib/dirsrv/scripts-SDRHEL76-TEST > >2018-09-19T05:33:15Z DEBUG calling setup-ds.pl >2018-09-19T05:33:15Z DEBUG Starting external process >2018-09-19T05:33:15Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpDs6vDG >2018-09-19T05:33:22Z DEBUG Process finished, return code=0 >2018-09-19T05:33:22Z DEBUG stdout=[18/09/19:11:03:22] - [Setup] Info Your new DS instance 'SDRHEL76-TEST' was successfully created. >Your new DS instance 'SDRHEL76-TEST' was successfully created. >[18/09/19:11:03:22] - [Setup] Success Exiting . . . >Log file is '-' > >Exiting . . . >Log file is '-' > > >2018-09-19T05:33:22Z DEBUG stderr= >2018-09-19T05:33:22Z DEBUG completed creating DS instance >2018-09-19T05:33:22Z DEBUG duration: 6 seconds >2018-09-19T05:33:22Z DEBUG [2/44]: enabling ldapi >2018-09-19T05:33:22Z DEBUG Starting external process >2018-09-19T05:33:22Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpueCcHd -H ldap://localhost -x -D cn=Directory Manager -y /tmp/tmprj8Piw >2018-09-19T05:33:22Z DEBUG Process finished, return code=0 >2018-09-19T05:33:22Z DEBUG stdout=replace nsslapd-ldapilisten: > on >modifying entry "cn=config" >modify complete > > >2018-09-19T05:33:22Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base ) > >2018-09-19T05:33:22Z DEBUG duration: 0 seconds >2018-09-19T05:33:22Z DEBUG [3/44]: configure autobind for root >2018-09-19T05:33:22Z DEBUG Starting external process >2018-09-19T05:33:22Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/root-autobind.ldif -H ldap://localhost -x -D cn=Directory Manager -y /tmp/tmpQc7jY_ >2018-09-19T05:33:22Z DEBUG Process finished, return code=0 >2018-09-19T05:33:22Z DEBUG stdout=add objectClass: > extensibleObject > top >add cn: > root-autobind >add uidNumber: > 0 >add gidNumber: > 0 >adding new entry "cn=root-autobind,cn=config" >modify complete > >replace nsslapd-ldapiautobind: > on >modifying entry "cn=config" >modify complete > >replace nsslapd-ldapimaptoentries: > on >modifying entry "cn=config" >modify complete > > >2018-09-19T05:33:22Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base ) > >2018-09-19T05:33:22Z DEBUG duration: 0 seconds >2018-09-19T05:33:22Z DEBUG [4/44]: stopping directory server >2018-09-19T05:33:22Z DEBUG Starting external process >2018-09-19T05:33:22Z DEBUG args=/bin/systemctl stop dirsrv@SDRHEL76-TEST.service >2018-09-19T05:33:24Z DEBUG Process finished, return code=0 >2018-09-19T05:33:24Z DEBUG stdout= >2018-09-19T05:33:24Z DEBUG stderr= >2018-09-19T05:33:24Z DEBUG Stop of dirsrv@SDRHEL76-TEST.service complete >2018-09-19T05:33:24Z DEBUG duration: 2 seconds >2018-09-19T05:33:24Z DEBUG [5/44]: updating configuration in dse.ldif >2018-09-19T05:33:24Z DEBUG Starting external process >2018-09-19T05:33:24Z DEBUG args=/usr/sbin/selinuxenabled >2018-09-19T05:33:24Z DEBUG Process finished, return code=0 >2018-09-19T05:33:24Z DEBUG stdout= >2018-09-19T05:33:24Z DEBUG stderr= >2018-09-19T05:33:24Z DEBUG Starting external process >2018-09-19T05:33:24Z DEBUG args=/sbin/restorecon /etc/dirsrv/slapd-SDRHEL76-TEST/dse.ldif >2018-09-19T05:33:24Z DEBUG Process finished, return code=0 >2018-09-19T05:33:24Z DEBUG stdout= >2018-09-19T05:33:24Z DEBUG stderr= >2018-09-19T05:33:24Z DEBUG duration: 0 seconds >2018-09-19T05:33:24Z DEBUG [6/44]: starting directory server >2018-09-19T05:33:24Z DEBUG Starting external process >2018-09-19T05:33:24Z DEBUG args=/bin/systemctl start dirsrv@SDRHEL76-TEST.service >2018-09-19T05:33:29Z DEBUG Process finished, return code=0 >2018-09-19T05:33:29Z DEBUG stdout= >2018-09-19T05:33:29Z DEBUG stderr= >2018-09-19T05:33:29Z DEBUG Starting external process >2018-09-19T05:33:29Z DEBUG args=/bin/systemctl is-active dirsrv@SDRHEL76-TEST.service >2018-09-19T05:33:30Z DEBUG Process finished, return code=0 >2018-09-19T05:33:30Z DEBUG stdout=active > >2018-09-19T05:33:30Z DEBUG stderr= >2018-09-19T05:33:30Z DEBUG wait_for_open_ports: localhost [389] timeout 300 >2018-09-19T05:33:30Z DEBUG waiting for port: 389 >2018-09-19T05:33:30Z DEBUG SUCCESS: port: 389 >2018-09-19T05:33:30Z DEBUG Start of dirsrv@SDRHEL76-TEST.service complete >2018-09-19T05:33:30Z DEBUG Created connection context.ldap2_139871438609424 >2018-09-19T05:33:30Z DEBUG duration: 5 seconds >2018-09-19T05:33:30Z DEBUG [7/44]: adding default schema >2018-09-19T05:33:30Z DEBUG duration: 0 seconds >2018-09-19T05:33:30Z DEBUG [8/44]: enabling memberof plugin >2018-09-19T05:33:30Z DEBUG Starting external process >2018-09-19T05:33:30Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/memberof-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:30Z DEBUG Process finished, return code=0 >2018-09-19T05:33:30Z DEBUG stdout=replace nsslapd-pluginenabled: > on >add memberofgroupattr: > memberUser >add memberofgroupattr: > memberHost >modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:30Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:30Z DEBUG duration: 0 seconds >2018-09-19T05:33:30Z DEBUG [9/44]: enabling winsync plugin >2018-09-19T05:33:30Z DEBUG Starting external process >2018-09-19T05:33:30Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-winsync-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:30Z DEBUG Process finished, return code=0 >2018-09-19T05:33:30Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa-winsync >add nsslapd-pluginpath: > libipa_winsync >add nsslapd-plugininitfunc: > ipa_winsync_plugin_init >add nsslapd-pluginDescription: > Allows IPA to work with the DS windows sync feature >add nsslapd-pluginid: > ipa-winsync >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-plugin-depends-on-type: > database >add ipaWinSyncRealmFilter: > (objectclass=krbRealmContainer) >add ipaWinSyncRealmAttr: > cn >add ipaWinSyncNewEntryFilter: > (cn=ipaConfig) >add ipaWinSyncNewUserOCAttr: > ipauserobjectclasses >add ipaWinSyncUserFlatten: > true >add ipaWinsyncHomeDirAttr: > ipaHomesRootDir >add ipaWinsyncLoginShellAttr: > ipaDefaultLoginShell >add ipaWinSyncDefaultGroupAttr: > ipaDefaultPrimaryGroup >add ipaWinSyncDefaultGroupFilter: > (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) >add ipaWinSyncAcctDisable: > both >add ipaWinSyncForceSync: > true >add ipaWinSyncUserAttr: > uidNumber -1 > gidNumber -1 >adding new entry "cn=ipa-winsync,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:30Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:30Z DEBUG duration: 0 seconds >2018-09-19T05:33:30Z DEBUG [10/44]: configuring replication version plugin >2018-09-19T05:33:30Z DEBUG Starting external process >2018-09-19T05:33:30Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/version-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:30Z DEBUG Process finished, return code=0 >2018-09-19T05:33:30Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Version Replication >add nsslapd-pluginpath: > libipa_repl_version >add nsslapd-plugininitfunc: > repl_version_plugin_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > off >add nsslapd-pluginid: > ipa_repl_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Replication version plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-plugin-depends-on-named: > Multimaster Replication Plugin >adding new entry "cn=IPA Version Replication,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:30Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:30Z DEBUG duration: 0 seconds >2018-09-19T05:33:30Z DEBUG [11/44]: enabling IPA enrollment plugin >2018-09-19T05:33:30Z DEBUG Starting external process >2018-09-19T05:33:30Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp_3TGxc -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:30Z DEBUG Process finished, return code=0 >2018-09-19T05:33:30Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_enrollment_extop >add nsslapd-pluginpath: > libipa_enrollment_extop >add nsslapd-plugininitfunc: > ipaenrollment_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_enrollment_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Enroll hosts into the IPA domain >add nsslapd-plugin-depends-on-type: > database >add nsslapd-realmTree: > dc=sdrhel76,dc=test >adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:30Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:30Z DEBUG duration: 0 seconds >2018-09-19T05:33:30Z DEBUG [12/44]: configuring uniqueness plugin >2018-09-19T05:33:30Z DEBUG Starting external process >2018-09-19T05:33:30Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpx7bCX1 -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:30Z DEBUG Process finished, return code=0 >2018-09-19T05:33:30Z DEBUG stdout=add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > krbPrincipalName uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > krbPrincipalName >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=sdrhel76,dc=test >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=sdrhel76,dc=test >add uniqueness-across-all-subtrees: > on >adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > krbCanonicalName uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > krbCanonicalName >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=sdrhel76,dc=test >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=sdrhel76,dc=test >add uniqueness-across-all-subtrees: > on >adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > netgroup uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > cn >add uniqueness-subtrees: > cn=ng,cn=alt,dc=sdrhel76,dc=test >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipaUniqueID uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > ipaUniqueID >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=sdrhel76,dc=test >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=sdrhel76,dc=test >add uniqueness-across-all-subtrees: > on >adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > sudorule name uniqueness >add nsslapd-pluginDescription: > Enforce unique attribute values >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > cn >add uniqueness-subtrees: > cn=sudorules,cn=sudo,dc=sdrhel76,dc=test >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:30Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:30Z DEBUG duration: 0 seconds >2018-09-19T05:33:30Z DEBUG [13/44]: configuring uuid plugin >2018-09-19T05:33:30Z DEBUG Starting external process >2018-09-19T05:33:30Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/uuid-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:30Z DEBUG Process finished, return code=0 >2018-09-19T05:33:30Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA UUID >add nsslapd-pluginpath: > libipa_uuid >add nsslapd-plugininitfunc: > ipauuid_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipauuid_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA UUID plugin >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA UUID,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:30Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:30Z DEBUG Starting external process >2018-09-19T05:33:30Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpKjbDP2 -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:30Z DEBUG Process finished, return code=0 >2018-09-19T05:33:30Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > IPA Unique IDs >add ipaUuidAttr: > ipaUniqueID >add ipaUuidMagicRegen: > autogenerate >add ipaUuidFilter: > (|(objectclass=ipaObject)(objectclass=ipaAssociation)) >add ipaUuidScope: > dc=sdrhel76,dc=test >add ipaUuidEnforce: > TRUE >adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" >modify complete > >add objectclass: > top > extensibleObject >add cn: > IPK11 Unique IDs >add ipaUuidAttr: > ipk11UniqueID >add ipaUuidMagicRegen: > autogenerate >add ipaUuidFilter: > (objectclass=ipk11Object) >add ipaUuidScope: > dc=sdrhel76,dc=test >add ipaUuidEnforce: > FALSE >adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:30Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:30Z DEBUG duration: 0 seconds >2018-09-19T05:33:30Z DEBUG [14/44]: configuring modrdn plugin >2018-09-19T05:33:30Z DEBUG Starting external process >2018-09-19T05:33:30Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/modrdn-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:30Z DEBUG Process finished, return code=0 >2018-09-19T05:33:30Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA MODRDN >add nsslapd-pluginpath: > libipa_modrdn >add nsslapd-plugininitfunc: > ipamodrdn_init >add nsslapd-plugintype: > betxnpostoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipamodrdn_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA MODRDN plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginPrecedence: > 60 >adding new entry "cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:30Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:30Z DEBUG Starting external process >2018-09-19T05:33:30Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpfHd1cE -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:30Z DEBUG Process finished, return code=0 >2018-09-19T05:33:30Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > Kerberos Principal Name >add ipaModRDNsourceAttr: > uid >add ipaModRDNtargetAttr: > krbPrincipalName >add ipaModRDNsuffix: > @SDRHEL76.TEST >add ipaModRDNfilter: > (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) >add ipaModRDNscope: > dc=sdrhel76,dc=test >adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > >add objectclass: > top > extensibleObject >add cn: > Kerberos Canonical Name >add ipaModRDNsourceAttr: > uid >add ipaModRDNtargetAttr: > krbCanonicalName >add ipaModRDNsuffix: > @SDRHEL76.TEST >add ipaModRDNfilter: > (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) >add ipaModRDNscope: > dc=sdrhel76,dc=test >adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:30Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:30Z DEBUG duration: 0 seconds >2018-09-19T05:33:30Z DEBUG [15/44]: configuring DNS plugin >2018-09-19T05:33:30Z DEBUG Starting external process >2018-09-19T05:33:30Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-dns-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:30Z DEBUG Process finished, return code=0 >2018-09-19T05:33:30Z DEBUG stdout=add objectclass: > top > nsslapdPlugin > extensibleObject >add cn: > IPA DNS >add nsslapd-plugindescription: > IPA DNS support plugin >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_dns >add nsslapd-plugininitfunc: > ipadns_init >add nsslapd-pluginpath: > libipa_dns.so >add nsslapd-plugintype: > preoperation >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-pluginversion: > 1.0 >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA DNS,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:30Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:30Z DEBUG duration: 0 seconds >2018-09-19T05:33:30Z DEBUG [16/44]: enabling entryUSN plugin >2018-09-19T05:33:30Z DEBUG Starting external process >2018-09-19T05:33:30Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/entryusn.ldif -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:30Z DEBUG Process finished, return code=0 >2018-09-19T05:33:30Z DEBUG stdout=replace nsslapd-entryusn-global: > on >modifying entry "cn=config" >modify complete > >replace nsslapd-entryusn-import-initval: > next >modifying entry "cn=config" >modify complete > >replace nsslapd-pluginenabled: > on >modifying entry "cn=USN,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:30Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:30Z DEBUG duration: 0 seconds >2018-09-19T05:33:30Z DEBUG [17/44]: configuring lockout plugin >2018-09-19T05:33:30Z DEBUG Starting external process >2018-09-19T05:33:30Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/lockout-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:30Z DEBUG Process finished, return code=0 >2018-09-19T05:33:30Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Lockout >add nsslapd-pluginpath: > libipa_lockout >add nsslapd-plugininitfunc: > ipalockout_init >add nsslapd-plugintype: > object >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipalockout_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Lockout plugin >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA Lockout,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:30Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:30Z DEBUG duration: 0 seconds >2018-09-19T05:33:30Z DEBUG [18/44]: configuring topology plugin >2018-09-19T05:33:30Z DEBUG Starting external process >2018-09-19T05:33:30Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpD2CsCL -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:30Z DEBUG Process finished, return code=0 >2018-09-19T05:33:30Z DEBUG stdout=add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Topology Configuration >add nsslapd-pluginPath: > libtopology >add nsslapd-pluginInitfunc: > ipa_topo_init >add nsslapd-pluginType: > object >add nsslapd-pluginEnabled: > on >add nsslapd-topo-plugin-shared-config-base: > cn=ipa,cn=etc,dc=sdrhel76,dc=test >add nsslapd-topo-plugin-shared-replica-root: > dc=sdrhel76,dc=test > o=ipaca >add nsslapd-topo-plugin-shared-binddngroup: > cn=replication managers,cn=sysaccounts,cn=etc,dc=sdrhel76,dc=test >add nsslapd-topo-plugin-startup-delay: > 20 >add nsslapd-pluginId: > none >add nsslapd-plugin-depends-on-named: > ldbm database > Multimaster Replication Plugin >add nsslapd-pluginVersion: > 1.0 >add nsslapd-pluginVendor: > none >add nsslapd-pluginDescription: > none >adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:30Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:30Z DEBUG duration: 0 seconds >2018-09-19T05:33:30Z DEBUG [19/44]: creating indices >2018-09-19T05:33:30Z DEBUG Starting external process >2018-09-19T05:33:30Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/indices.ldif -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:30Z DEBUG Process finished, return code=0 >2018-09-19T05:33:30Z DEBUG stdout=add objectClass: > top > nsIndex >add cn: > krbPrincipalName >add nsSystemIndex: > false >add nsIndexType: > eq > sub >add nsMatchingRule: > caseIgnoreIA5Match > caseExactIA5Match >adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > ou >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > carLicense >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > title >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > manager >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > secretary >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > displayname >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add nsIndexType: > sub >modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > uidnumber >add nsSystemIndex: > false >add nsIndexType: > eq >add nsMatchingRule: > integerOrderingMatch >adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > gidnumber >add nsSystemIndex: > false >add nsIndexType: > eq >add nsMatchingRule: > integerOrderingMatch >adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >replace nsIndexType: > eq > pres >modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >replace nsIndexType: > eq > pres >modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add ObjectClass: > top > nsIndex >add cn: > fqdn >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add ObjectClass: > top > nsIndex >add cn: > macAddress >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberHost >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberUser >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > sourcehost >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberservice >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > managedby >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberallowcmd >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberdenycmd >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipasudorunas >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipasudorunasgroup >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > automountkey >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipakrbprincipalalias >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipauniqueid >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipaMemberCa >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipaMemberCertProfile >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > userCertificate >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipalocation >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > krbCanonicalName >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > serverhostname >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > description >add objectClass: > top > nsindex >add nssystemindex: > false >add nsindextype: > eq > sub >adding new entry "cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > l >add objectClass: > top > nsindex >add nssystemindex: > false >add nsindextype: > eq > sub >adding new entry "cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > nsOsVersion >add objectClass: > top > nsindex >add nssystemindex: > false >add nsindextype: > eq > sub >adding new entry "cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > nsHardwarePlatform >add objectClass: > top > nsindex >add nssystemindex: > false >add nsindextype: > eq > sub >adding new entry "cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > nsHostLocation >add objectClass: > top > nsindex >add nssystemindex: > false >add nsindextype: > eq > sub >adding new entry "cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:30Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:30Z DEBUG duration: 0 seconds >2018-09-19T05:33:30Z DEBUG [20/44]: enabling referential integrity plugin >2018-09-19T05:33:30Z DEBUG Starting external process >2018-09-19T05:33:30Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/referint-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:31Z DEBUG Process finished, return code=0 >2018-09-19T05:33:31Z DEBUG stdout=replace nsslapd-pluginenabled: > on >modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:31Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:31Z DEBUG duration: 0 seconds >2018-09-19T05:33:31Z DEBUG [21/44]: configuring certmap.conf >2018-09-19T05:33:31Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-09-19T05:33:31Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-09-19T05:33:31Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-09-19T05:33:31Z DEBUG duration: 0 seconds >2018-09-19T05:33:31Z DEBUG [22/44]: configure new location for managed entries >2018-09-19T05:33:31Z DEBUG Starting external process >2018-09-19T05:33:31Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpHGMc9z -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:31Z DEBUG Process finished, return code=0 >2018-09-19T05:33:31Z DEBUG stdout=add nsslapd-pluginConfigArea: > cn=Definitions,cn=Managed Entries,cn=etc,dc=sdrhel76,dc=test >modifying entry "cn=Managed Entries,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:31Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:31Z DEBUG duration: 0 seconds >2018-09-19T05:33:31Z DEBUG [23/44]: configure dirsrv ccache >2018-09-19T05:33:31Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' >2018-09-19T05:33:31Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:31Z DEBUG Starting external process >2018-09-19T05:33:31Z DEBUG args=/usr/sbin/selinuxenabled >2018-09-19T05:33:31Z DEBUG Process finished, return code=0 >2018-09-19T05:33:31Z DEBUG stdout= >2018-09-19T05:33:31Z DEBUG stderr= >2018-09-19T05:33:31Z DEBUG Starting external process >2018-09-19T05:33:31Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv >2018-09-19T05:33:31Z DEBUG Process finished, return code=0 >2018-09-19T05:33:31Z DEBUG stdout= >2018-09-19T05:33:31Z DEBUG stderr= >2018-09-19T05:33:31Z DEBUG duration: 0 seconds >2018-09-19T05:33:31Z DEBUG [24/44]: enabling SASL mapping fallback >2018-09-19T05:33:31Z DEBUG Starting external process >2018-09-19T05:33:31Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpp_FYWB -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:31Z DEBUG Process finished, return code=0 >2018-09-19T05:33:31Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback: > on >modifying entry "cn=config" >modify complete > > >2018-09-19T05:33:31Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:31Z DEBUG duration: 0 seconds >2018-09-19T05:33:31Z DEBUG [25/44]: restarting directory server >2018-09-19T05:33:31Z DEBUG Destroyed connection context.ldap2_139871438609424 >2018-09-19T05:33:31Z DEBUG Starting external process >2018-09-19T05:33:31Z DEBUG args=/bin/systemctl --system daemon-reload >2018-09-19T05:33:31Z DEBUG Process finished, return code=0 >2018-09-19T05:33:31Z DEBUG stdout= >2018-09-19T05:33:31Z DEBUG stderr= >2018-09-19T05:33:31Z DEBUG Starting external process >2018-09-19T05:33:31Z DEBUG args=/bin/systemctl restart dirsrv@SDRHEL76-TEST.service >2018-09-19T05:33:37Z DEBUG Process finished, return code=0 >2018-09-19T05:33:37Z DEBUG stdout= >2018-09-19T05:33:37Z DEBUG stderr= >2018-09-19T05:33:37Z DEBUG Starting external process >2018-09-19T05:33:37Z DEBUG args=/bin/systemctl is-active dirsrv@SDRHEL76-TEST.service >2018-09-19T05:33:37Z DEBUG Process finished, return code=0 >2018-09-19T05:33:37Z DEBUG stdout=active > >2018-09-19T05:33:37Z DEBUG stderr= >2018-09-19T05:33:37Z DEBUG wait_for_open_ports: localhost [389] timeout 300 >2018-09-19T05:33:37Z DEBUG waiting for port: 389 >2018-09-19T05:33:37Z DEBUG SUCCESS: port: 389 >2018-09-19T05:33:37Z DEBUG Restart of dirsrv@SDRHEL76-TEST.service complete >2018-09-19T05:33:37Z DEBUG Starting external process >2018-09-19T05:33:37Z DEBUG args=/bin/systemctl is-active dirsrv@SDRHEL76-TEST.service >2018-09-19T05:33:37Z DEBUG Process finished, return code=0 >2018-09-19T05:33:37Z DEBUG stdout=active > >2018-09-19T05:33:37Z DEBUG stderr= >2018-09-19T05:33:37Z DEBUG Created connection context.ldap2_139871438609424 >2018-09-19T05:33:37Z DEBUG duration: 6 seconds >2018-09-19T05:33:37Z DEBUG [26/44]: adding sasl mappings to the directory >2018-09-19T05:33:37Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket from SchemaCache >2018-09-19T05:33:37Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f365ad27f80> >2018-09-19T05:33:37Z DEBUG duration: 0 seconds >2018-09-19T05:33:37Z DEBUG [27/44]: adding default layout >2018-09-19T05:33:37Z DEBUG Starting external process >2018-09-19T05:33:37Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpPHhZhg -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:38Z DEBUG Process finished, return code=0 >2018-09-19T05:33:38Z DEBUG stdout=add objectClass: > top > nsContainer >add cn: > accounts >adding new entry "cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > users >adding new entry "cn=users,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > groups >adding new entry "cn=groups,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > services >adding new entry "cn=services,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > computers >adding new entry "cn=computers,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > hostgroups >adding new entry "cn=hostgroups,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer >add cn: > alt >adding new entry "cn=alt,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer >add cn: > ng >adding new entry "cn=ng,cn=alt,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer >add cn: > automount >adding new entry "cn=automount,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer >add cn: > default >adding new entry "cn=default,cn=automount,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > automountMap >add automountMapName: > auto.master >adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > automountMap >add automountMapName: > auto.direct >adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > automount >add automountKey: > /- >add automountInformation: > auto.direct >add description: > /- auto.direct >adding new entry "description=/- auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbac >adding new entry "cn=hbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbacservices >adding new entry "cn=hbacservices,cn=hbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbacservicegroups >adding new entry "cn=hbacservicegroups,cn=hbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudo >adding new entry "cn=sudo,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudocmds >adding new entry "cn=sudocmds,cn=sudo,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudocmdgroups >adding new entry "cn=sudocmdgroups,cn=sudo,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudorules >adding new entry "cn=sudorules,cn=sudo,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > etc >adding new entry "cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > locations >adding new entry "cn=locations,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > sysaccounts >adding new entry "cn=sysaccounts,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > ipa >adding new entry "cn=ipa,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > masters >adding new entry "cn=masters,cn=ipa,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > replicas >adding new entry "cn=replicas,cn=ipa,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > dna >adding new entry "cn=dna,cn=ipa,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > posix-ids >adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > ca_renewal >adding new entry "cn=ca_renewal,cn=ipa,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > certificates >adding new entry "cn=certificates,cn=ipa,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > custodia >adding new entry "cn=custodia,cn=ipa,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > dogtag >adding new entry "cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > s4u2proxy >adding new entry "cn=s4u2proxy,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > ipaKrb5DelegationACL > groupOfPrincipals > top >add cn: > ipa-http-delegation >add memberPrincipal: > HTTP/master.sdrhel76.test@SDRHEL76.TEST >add ipaAllowedTarget: > cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=sdrhel76,dc=test > cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=sdrhel76,dc=test >adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > groupOfPrincipals > top >add cn: > ipa-ldap-delegation-targets >add memberPrincipal: > ldap/master.sdrhel76.test@SDRHEL76.TEST >adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > groupOfPrincipals > top >add cn: > ipa-cifs-delegation-targets >adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > person > posixaccount > krbprincipalaux > krbticketpolicyaux > inetuser > ipaobject > ipasshuser >add uid: > admin >add krbPrincipalName: > admin@SDRHEL76.TEST >add cn: > Administrator >add sn: > Administrator >add uidNumber: > 1786200000 >add gidNumber: > 1786200000 >add homeDirectory: > /home/admin >add loginShell: > /bin/bash >add gecos: > Administrator >add nsAccountLock: > FALSE >add ipaUniqueID: > autogenerate >adding new entry "uid=admin,cn=users,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > posixgroup > ipausergroup > ipaobject >add cn: > admins >add description: > Account administrators group >add gidNumber: > 1786200000 >add member: > uid=admin,cn=users,cn=accounts,dc=sdrhel76,dc=test >add nsAccountLock: > FALSE >add ipaUniqueID: > autogenerate >adding new entry "cn=admins,cn=groups,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup > ipausergroup > ipaobject >add description: > Default group for all users >add cn: > ipausers >add ipaUniqueID: > autogenerate >adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > posixgroup > ipausergroup > ipaobject >add gidNumber: > 1786200002 >add description: > Limited admins who can edit other users >add cn: > editors >add ipaUniqueID: > autogenerate >adding new entry "cn=editors,cn=groups,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupOfNames > nestedGroup > ipaobject > ipahostgroup >add description: > IPA server hosts >add cn: > ipaservers >add ipaUniqueID: > autogenerate >adding new entry "cn=ipaservers,cn=hostgroups,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sshd >add description: > sshd >add ipauniqueid: > autogenerate >adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > ftp >add description: > ftp >add ipauniqueid: > autogenerate >adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > su >add description: > su >add ipauniqueid: > autogenerate >adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > login >add description: > login >add ipauniqueid: > autogenerate >adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > su-l >add description: > su with login shell >add ipauniqueid: > autogenerate >adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sudo >add description: > sudo >add ipauniqueid: > autogenerate >adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sudo-i >add description: > sudo-i >add ipauniqueid: > autogenerate >adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > gdm >add description: > gdm >add ipauniqueid: > autogenerate >adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > gdm-password >add description: > gdm-password >add ipauniqueid: > autogenerate >adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > kdm >add description: > kdm >add ipauniqueid: > autogenerate >adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > ipaobject > ipahbacservicegroup > nestedGroup > groupOfNames > top >add cn: > Sudo >add ipauniqueid: > autogenerate >add description: > Default group of Sudo related services >add member: > cn=sudo,cn=hbacservices,cn=hbac,dc=sdrhel76,dc=test > cn=sudo-i,cn=hbacservices,cn=hbac,dc=sdrhel76,dc=test >adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top > ipaGuiConfig > ipaConfigObject >add ipaUserSearchFields: > uid,givenname,sn,telephonenumber,ou,title >add ipaGroupSearchFields: > cn,description >add ipaSearchTimeLimit: > 2 >add ipaSearchRecordsLimit: > 100 >add ipaHomesRootDir: > /home >add ipaDefaultLoginShell: > /bin/sh >add ipaDefaultPrimaryGroup: > ipausers >add ipaMaxUsernameLength: > 32 >add ipaPwdExpAdvNotify: > 4 >add ipaGroupObjectClasses: > top > groupofnames > nestedgroup > ipausergroup > ipaobject >add ipaUserObjectClasses: > top > person > organizationalperson > inetorgperson > inetuser > posixaccount > krbprincipalaux > krbticketpolicyaux > ipaobject > ipasshuser >add ipaDefaultEmailDomain: > sdrhel76.test >add ipaMigrationEnabled: > FALSE >add ipaConfigString: > AllowNThash > KDC:Disable Last Success >add ipaSELinuxUserMapOrder: > guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 >add ipaSELinuxUserMapDefault: > unconfined_u:s0-s0:c0.c1023 >adding new entry "cn=ipaConfig,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > top > nsContainer >add cn: > cosTemplates >adding new entry "cn=cosTemplates,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add description: > Password Policy based on group membership >add objectClass: > top > ldapsubentry > cosSuperDefinition > cosClassicDefinition >add cosTemplateDn: > cn=cosTemplates,cn=accounts,dc=sdrhel76,dc=test >add cosAttribute: > krbPwdPolicyReference override >add cosSpecifier: > memberOf >adding new entry "cn=Password Policy,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > selinux >adding new entry "cn=selinux,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > usermap >adding new entry "cn=usermap,cn=selinux,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > ranges >adding new entry "cn=ranges,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > ipaIDrange > ipaDomainIDRange >add cn: > SDRHEL76.TEST_id_range >add ipaBaseID: > 1786200000 >add ipaIDRangeSize: > 200000 >add ipaRangeType: > ipa-local >adding new entry "cn=SDRHEL76.TEST_id_range,cn=ranges,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > ca >adding new entry "cn=ca,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > certprofiles >adding new entry "cn=certprofiles,cn=ca,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > caacls >adding new entry "cn=caacls,cn=ca,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > cas >adding new entry "cn=cas,cn=ca,dc=sdrhel76,dc=test" >modify complete > > >2018-09-19T05:33:38Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:38Z DEBUG duration: 0 seconds >2018-09-19T05:33:38Z DEBUG [28/44]: adding delegation layout >2018-09-19T05:33:38Z DEBUG Starting external process >2018-09-19T05:33:38Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpPenJv7 -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:38Z DEBUG Process finished, return code=0 >2018-09-19T05:33:38Z DEBUG stdout=add objectClass: > top > nsContainer >add cn: > roles >adding new entry "cn=roles,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > pbac >adding new entry "cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > privileges >adding new entry "cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > permissions >adding new entry "cn=permissions,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > helpdesk >add description: > Helpdesk >adding new entry "cn=helpdesk,cn=roles,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > User Administrators >add description: > User Administrators >adding new entry "cn=User Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Group Administrators >add description: > Group Administrators >adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Administrators >add description: > Host Administrators >adding new entry "cn=Host Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Group Administrators >add description: > Host Group Administrators >adding new entry "cn=Host Group Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Delegation Administrator >add description: > Role administration >adding new entry "cn=Delegation Administrator,cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > DNS Administrators >add description: > DNS Administrators >adding new entry "cn=DNS Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > DNS Servers >add description: > DNS Servers >adding new entry "cn=DNS Servers,cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Service Administrators >add description: > Service Administrators >adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Automount Administrators >add description: > Automount Administrators >adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Netgroups Administrators >add description: > Netgroups Administrators >adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Certificate Administrators >add description: > Certificate Administrators >adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Replication Administrators >add description: > Replication Administrators >add member: > cn=admins,cn=groups,cn=accounts,dc=sdrhel76,dc=test >adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Enrollment >add description: > Host Enrollment >adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Stage User Administrators >add description: > Stage User Administrators >adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Stage User Provisioning >add description: > Stage User Provisioning >adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Add Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test >adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Modify Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test >adding new entry "cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Read Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test >adding new entry "cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Remove Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test >adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Modify DNA Range >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test >adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer >add cn: > virtual operations >adding new entry "cn=virtual operations,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Retrieve Certificates from the CA >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test >adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=sdrhel76,dc=test" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=sdrhel76,dc=test";) >modifying entry "dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Request Certificate >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test >adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=sdrhel76,dc=test" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=sdrhel76,dc=test";) >modifying entry "dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Request Certificates from a different host >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test >adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=sdrhel76,dc=test" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=sdrhel76,dc=test";) >modifying entry "dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Get Certificates status from the CA >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test >adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=sdrhel76,dc=test" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=sdrhel76,dc=test";) >modifying entry "dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Revoke Certificate >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test >adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=sdrhel76,dc=test" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=sdrhel76,dc=test";) >modifying entry "dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Certificate Remove Hold >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=sdrhel76,dc=test >adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=sdrhel76,dc=test" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=sdrhel76,dc=test";) >modifying entry "dc=sdrhel76,dc=test" >modify complete > > >2018-09-19T05:33:38Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:38Z DEBUG duration: 0 seconds >2018-09-19T05:33:38Z DEBUG [29/44]: creating container for managed entries >2018-09-19T05:33:38Z DEBUG Starting external process >2018-09-19T05:33:38Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpHnnlmp -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:38Z DEBUG Process finished, return code=0 >2018-09-19T05:33:38Z DEBUG stdout=add objectClass: > nsContainer > top >add cn: > Managed Entries >adding new entry "cn=Managed Entries,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > Templates >adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > nsContainer > top >add cn: > Definitions >adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=sdrhel76,dc=test" >modify complete > > >2018-09-19T05:33:38Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:38Z DEBUG duration: 0 seconds >2018-09-19T05:33:38Z DEBUG [30/44]: configuring user private groups >2018-09-19T05:33:38Z DEBUG Starting external process >2018-09-19T05:33:38Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp4mujNy -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:38Z DEBUG Process finished, return code=0 >2018-09-19T05:33:38Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > UPG Template >add mepRDNAttr: > cn >add mepStaticAttr: > objectclass: posixgroup > objectclass: ipaobject > ipaUniqueId: autogenerate >add mepMappedAttr: > cn: $uid > gidNumber: $uidNumber > description: User private group for $uid >adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > extensibleObject >add cn: > UPG Definition >add originScope: > cn=users,cn=accounts,dc=sdrhel76,dc=test >add originFilter: > (&(objectclass=posixAccount)(!(description=__no_upg__))) >add managedBase: > cn=groups,cn=accounts,dc=sdrhel76,dc=test >add managedTemplate: > cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=sdrhel76,dc=test >adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=sdrhel76,dc=test" >modify complete > > >2018-09-19T05:33:38Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:38Z DEBUG duration: 0 seconds >2018-09-19T05:33:38Z DEBUG [31/44]: configuring netgroups from hostgroups >2018-09-19T05:33:38Z DEBUG Starting external process >2018-09-19T05:33:38Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpcAp1Ol -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:38Z DEBUG Process finished, return code=0 >2018-09-19T05:33:38Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > NGP HGP Template >add mepRDNAttr: > cn >add mepStaticAttr: > ipaUniqueId: autogenerate > objectclass: ipanisnetgroup > objectclass: ipaobject > nisDomainName: sdrhel76.test >add mepMappedAttr: > cn: $cn > memberHost: $dn > description: ipaNetgroup $cn >adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > extensibleObject >add cn: > NGP Definition >add originScope: > cn=hostgroups,cn=accounts,dc=sdrhel76,dc=test >add originFilter: > objectclass=ipahostgroup >add managedBase: > cn=ng,cn=alt,dc=sdrhel76,dc=test >add managedTemplate: > cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=sdrhel76,dc=test >adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=sdrhel76,dc=test" >modify complete > > >2018-09-19T05:33:38Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:38Z DEBUG duration: 0 seconds >2018-09-19T05:33:38Z DEBUG [32/44]: creating default Sudo bind user >2018-09-19T05:33:38Z DEBUG Starting external process >2018-09-19T05:33:38Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpT9kLNS -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:39Z DEBUG Process finished, return code=0 >2018-09-19T05:33:39Z DEBUG stdout=add objectclass: > account > simplesecurityobject >add uid: > sudo >add userPassword: > XXXXXXXX >add passwordExpirationTime: > 20380119031407Z >add nsIdleTimeout: > 0 >adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=sdrhel76,dc=test" >modify complete > > >2018-09-19T05:33:39Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:39Z DEBUG duration: 0 seconds >2018-09-19T05:33:39Z DEBUG [33/44]: creating default Auto Member layout >2018-09-19T05:33:39Z DEBUG Starting external process >2018-09-19T05:33:39Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpbw_j3_ -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:39Z DEBUG Process finished, return code=0 >2018-09-19T05:33:39Z DEBUG stdout=add nsslapd-pluginConfigArea: > cn=automember,cn=etc,dc=sdrhel76,dc=test >modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsContainer >add cn: > automember >adding new entry "cn=automember,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > autoMemberDefinition >add cn: > Hostgroup >add autoMemberScope: > cn=computers,cn=accounts,dc=sdrhel76,dc=test >add autoMemberFilter: > objectclass=ipaHost >add autoMemberGroupingAttr: > member:dn >adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > autoMemberDefinition >add cn: > Group >add autoMemberScope: > cn=users,cn=accounts,dc=sdrhel76,dc=test >add autoMemberFilter: > objectclass=posixAccount >add autoMemberGroupingAttr: > member:dn >adding new entry "cn=Group,cn=automember,cn=etc,dc=sdrhel76,dc=test" >modify complete > > >2018-09-19T05:33:39Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:39Z DEBUG duration: 0 seconds >2018-09-19T05:33:39Z DEBUG [34/44]: adding range check plugin >2018-09-19T05:33:39Z DEBUG Starting external process >2018-09-19T05:33:39Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp4PYPOY -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:39Z DEBUG Process finished, return code=0 >2018-09-19T05:33:39Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Range-Check >add nsslapd-pluginpath: > libipa_range_check >add nsslapd-plugininitfunc: > ipa_range_check_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_range_check_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Range-Check plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=sdrhel76,dc=test >adding new entry "cn=IPA Range-Check,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:39Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:39Z DEBUG duration: 0 seconds >2018-09-19T05:33:39Z DEBUG [35/44]: creating default HBAC rule allow_all >2018-09-19T05:33:39Z DEBUG Starting external process >2018-09-19T05:33:39Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpiSN9xo -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:39Z DEBUG Process finished, return code=0 >2018-09-19T05:33:39Z DEBUG stdout=add objectclass: > ipaassociation > ipahbacrule >add cn: > allow_all >add accessruletype: > allow >add usercategory: > all >add hostcategory: > all >add servicecategory: > all >add ipaenabledflag: > TRUE >add description: > Allow all users to access any host from any host >add ipauniqueid: > autogenerate >adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=sdrhel76,dc=test" >modify complete > > >2018-09-19T05:33:39Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:39Z DEBUG duration: 0 seconds >2018-09-19T05:33:39Z DEBUG [36/44]: adding entries for topology management >2018-09-19T05:33:39Z DEBUG Starting external process >2018-09-19T05:33:39Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp_J8G5n -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:39Z DEBUG Process finished, return code=0 >2018-09-19T05:33:39Z DEBUG stdout=add objectclass: > top > nsContainer >add cn: > topology >adding new entry "cn=topology,cn=ipa,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add objectclass: > top > iparepltopoconf >add ipaReplTopoConfRoot: > dc=sdrhel76,dc=test >add nsDS5ReplicatedAttributeList: > (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >add nsDS5ReplicatedAttributeListTotal: > (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >add nsds5ReplicaStripAttrs: > modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp >add cn: > domain >adding new entry "cn=domain,cn=topology,cn=ipa,cn=etc,dc=sdrhel76,dc=test" >modify complete > > >2018-09-19T05:33:39Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:39Z DEBUG duration: 0 seconds >2018-09-19T05:33:39Z DEBUG [37/44]: initializing group membership >2018-09-19T05:33:39Z DEBUG Starting external process >2018-09-19T05:33:39Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp6XgBcR -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:39Z DEBUG Process finished, return code=0 >2018-09-19T05:33:39Z DEBUG stdout=add objectClass: > top > extensibleObject >add cn: > IPA install >add basedn: > dc=sdrhel76,dc=test >add filter: > (objectclass=*) >add ttl: > 10 >adding new entry "cn=IPA install 1537335195, cn=memberof task, cn=tasks, cn=config" >modify complete > > >2018-09-19T05:33:39Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:39Z DEBUG Waiting for memberof task to complete. >2018-09-19T05:33:39Z DEBUG retrieving schema for SchemaCache url=ldap://master.sdrhel76.test:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f3659e3f680> >2018-09-19T05:33:40Z DEBUG duration: 1 seconds >2018-09-19T05:33:40Z DEBUG [38/44]: adding master entry >2018-09-19T05:33:40Z DEBUG Starting external process >2018-09-19T05:33:40Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpWC5WQt -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:40Z DEBUG Process finished, return code=0 >2018-09-19T05:33:40Z DEBUG stdout=add objectclass: > top > nsContainer > ipaReplTopoManagedServer > ipaConfigObject > ipaSupportedDomainLevelConfig >add cn: > master.sdrhel76.test >add ipaReplTopoManagedSuffix: > dc=sdrhel76,dc=test >add ipaMinDomainLevel: > 0 >add ipaMaxDomainLevel: > 1 >adding new entry "cn=master.sdrhel76.test,cn=masters,cn=ipa,cn=etc,dc=sdrhel76,dc=test" >modify complete > > >2018-09-19T05:33:40Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:40Z DEBUG duration: 0 seconds >2018-09-19T05:33:40Z DEBUG [39/44]: initializing domain level >2018-09-19T05:33:40Z DEBUG Starting external process >2018-09-19T05:33:40Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp0Xk5cs -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:40Z DEBUG Process finished, return code=0 >2018-09-19T05:33:40Z DEBUG stdout=add objectClass: > top > nsContainer > ipaDomainLevelConfig >add ipaDomainLevel: > 1 >adding new entry "cn=Domain Level,cn=ipa,cn=etc,dc=sdrhel76,dc=test" >modify complete > > >2018-09-19T05:33:40Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:40Z DEBUG duration: 0 seconds >2018-09-19T05:33:40Z DEBUG [40/44]: configuring Posix uid/gid generation >2018-09-19T05:33:40Z DEBUG Starting external process >2018-09-19T05:33:40Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpD8RfBC -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > Posix IDs >add dnaType: > uidNumber > gidNumber >add dnaNextValue: > 1786200000 >add dnaMaxValue: > 1786399999 >add dnaMagicRegen: > -1 >add dnaFilter: > (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) >add dnaScope: > dc=sdrhel76,dc=test >add dnaThreshold: > 500 >add dnaSharedCfgDN: > cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=sdrhel76,dc=test >add dnaExcludeScope: > cn=provisioning,dc=sdrhel76,dc=test >adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > >replace nsslapd-pluginEnabled: > on >modifying entry "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:41Z DEBUG duration: 0 seconds >2018-09-19T05:33:41Z DEBUG [41/44]: adding replication acis >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpMR7lLY -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout=add aci: > (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=sdrhel76,dc=test";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=sdrhel76,dc=test";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=sdrhel76,dc=test";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=sdrhel76,dc=test";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=sdrhel76,dc=test";) >modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > >add aci: > (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=sdrhel76,dc=test";) >modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add aci: > (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=sdrhel76,dc=test";) >modifying entry "cn=tasks,cn=config" >modify complete > > >2018-09-19T05:33:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:41Z DEBUG duration: 0 seconds >2018-09-19T05:33:41Z DEBUG [42/44]: activating sidgen plugin >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpjKWIRj -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA SIDGEN >add nsslapd-pluginpath: > libipa_sidgen >add nsslapd-plugininitfunc: > ipa_sidgen_init >add nsslapd-plugintype: > postoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_sidgen_postop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA SIDGEN post operation >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=sdrhel76,dc=test >adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:41Z DEBUG duration: 0 seconds >2018-09-19T05:33:41Z DEBUG [43/44]: activating extdom plugin >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpBKXWoE -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_extdom_extop >add nsslapd-pluginpath: > libipa_extdom_extop >add nsslapd-plugininitfunc: > ipa_extdom_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_extdom_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Support resolving IDs in trusted domains to names and back >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=sdrhel76,dc=test >adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:41Z DEBUG duration: 0 seconds >2018-09-19T05:33:41Z DEBUG [44/44]: configuring directory to start on boot >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=/bin/systemctl is-enabled dirsrv@SDRHEL76-TEST.service >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout=enabled > >2018-09-19T05:33:41Z DEBUG stderr= >2018-09-19T05:33:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:41Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=/bin/systemctl disable dirsrv@SDRHEL76-TEST.service >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout= >2018-09-19T05:33:41Z DEBUG stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/dirsrv@SDRHEL76-TEST.service. >Removed symlink /etc/systemd/system/dirsrv.target.wants/dirsrv@SDRHEL76-TEST.service. > >2018-09-19T05:33:41Z DEBUG duration: 0 seconds >2018-09-19T05:33:41Z DEBUG Done configuring directory server (dirsrv). >2018-09-19T05:33:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:41Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=/bin/systemctl is-active ntpd.service >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout=active > >2018-09-19T05:33:41Z DEBUG stderr= >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=/bin/systemctl disable ntpd.service >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout= >2018-09-19T05:33:41Z DEBUG stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/ntpd.service. > >2018-09-19T05:33:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-09-19T05:33:41Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=/bin/systemctl start ntpd.service >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout= >2018-09-19T05:33:41Z DEBUG stderr= >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=/bin/systemctl is-active ntpd.service >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout=active > >2018-09-19T05:33:41Z DEBUG stderr= >2018-09-19T05:33:41Z DEBUG Start of ntpd.service complete >2018-09-19T05:33:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=keyctl get_persistent @s 0 >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout=656085567 > >2018-09-19T05:33:41Z DEBUG stderr= >2018-09-19T05:33:41Z DEBUG Enabling persistent keyring CCACHE >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=/bin/systemctl is-active krb5kdc.service >2018-09-19T05:33:41Z DEBUG Process finished, return code=3 >2018-09-19T05:33:41Z DEBUG stdout=unknown > >2018-09-19T05:33:41Z DEBUG stderr= >2018-09-19T05:33:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:41Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=/bin/systemctl stop krb5kdc.service >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout= >2018-09-19T05:33:41Z DEBUG stderr= >2018-09-19T05:33:41Z DEBUG Stop of krb5kdc.service complete >2018-09-19T05:33:41Z DEBUG Configuring Kerberos KDC (krb5kdc) >2018-09-19T05:33:41Z DEBUG [1/10]: adding kerberos container to the directory >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpAQdjgi -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout=add objectClass: > krbContainer > top >add cn: > kerberos >adding new entry "cn=kerberos,dc=sdrhel76,dc=test" >modify complete > >add cn: > SDRHEL76.TEST >add objectClass: > top > krbrealmcontainer > krbticketpolicyaux >add krbSubTrees: > dc=sdrhel76,dc=test >add krbSearchScope: > 2 >add krbSupportedEncSaltTypes: > aes256-cts:normal > aes256-cts:special > aes128-cts:normal > aes128-cts:special > des3-hmac-sha1:normal > des3-hmac-sha1:special > arcfour-hmac:normal > arcfour-hmac:special > camellia128-cts-cmac:normal > camellia128-cts-cmac:special > camellia256-cts-cmac:normal > camellia256-cts-cmac:special >add krbMaxTicketLife: > 86400 >add krbMaxRenewableAge: > 604800 >add krbDefaultEncSaltTypes: > aes256-cts:special > aes128-cts:special >adding new entry "cn=SDRHEL76.TEST,cn=kerberos,dc=sdrhel76,dc=test" >modify complete > >add objectClass: > top > nsContainer > krbPwdPolicy >add krbMinPwdLife: > 3600 >add krbPwdMinDiffChars: > 0 >add krbPwdMinLength: > 8 >add krbPwdHistoryLength: > 0 >add krbMaxPwdLife: > 7776000 >add krbPwdMaxFailure: > 6 >add krbPwdFailureCountInterval: > 60 >add krbPwdLockoutDuration: > 600 >adding new entry "cn=global_policy,cn=SDRHEL76.TEST,cn=kerberos,dc=sdrhel76,dc=test" >modify complete > > >2018-09-19T05:33:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:41Z DEBUG duration: 0 seconds >2018-09-19T05:33:41Z DEBUG [2/10]: configuring KDC >2018-09-19T05:33:41Z DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf' >2018-09-19T05:33:41Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:41Z DEBUG Backing up system configuration file '/etc/krb5.conf' >2018-09-19T05:33:41Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:41Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini' >2018-09-19T05:33:41Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:41Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con' >2018-09-19T05:33:41Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:41Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con' >2018-09-19T05:33:41Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=klist -V >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout=Kerberos 5 version 1.15.1 > >2018-09-19T05:33:41Z DEBUG stderr= >2018-09-19T05:33:41Z DEBUG Backing up system configuration file '/etc/sysconfig/krb5kdc' >2018-09-19T05:33:41Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=/usr/sbin/selinuxenabled >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout= >2018-09-19T05:33:41Z DEBUG stderr= >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=/sbin/restorecon /etc/sysconfig/krb5kdc >2018-09-19T05:33:41Z DEBUG Process finished, return code=0 >2018-09-19T05:33:41Z DEBUG stdout= >2018-09-19T05:33:41Z DEBUG stderr= >2018-09-19T05:33:41Z DEBUG duration: 0 seconds >2018-09-19T05:33:41Z DEBUG [3/10]: initialize kerberos container >2018-09-19T05:33:41Z DEBUG Starting external process >2018-09-19T05:33:41Z DEBUG args=kdb5_util create -s -r SDRHEL76.TEST -x ipa-setup-override-restrictions >2018-09-19T05:33:42Z DEBUG Process finished, return code=0 >2018-09-19T05:33:42Z DEBUG stdout=Loading random data >Initializing database '/var/kerberos/krb5kdc/principal' for realm 'SDRHEL76.TEST', >master key name 'K/M@SDRHEL76.TEST' >You will be prompted for the database Master Password. >It is important that you NOT FORGET this password. >Enter KDC database master key: >Re-enter KDC database master key to verify: > >2018-09-19T05:33:42Z DEBUG stderr= >2018-09-19T05:33:42Z DEBUG duration: 0 seconds >2018-09-19T05:33:42Z DEBUG [4/10]: adding default ACIs >2018-09-19T05:33:42Z DEBUG Starting external process >2018-09-19T05:33:42Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp60ucYl -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:42Z DEBUG Process finished, return code=0 >2018-09-19T05:33:42Z DEBUG stdout=add aci: > (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) >modifying entry "dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) > (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) > (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) >modifying entry "dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=sdrhel76,dc=test";) >modifying entry "cn=etc,dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=sdrhel76,dc=test";) >modifying entry "cn=ipa,cn=etc,dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=sdrhel76,dc=test";) > (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=sdrhel76,dc=test";) > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=sdrhel76,dc=test";) > (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) >modifying entry "cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=sdrhel76,dc=test")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=sdrhel76,dc=test";) >modifying entry "cn=services,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) >modifying entry "cn=services,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) > (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) >modifying entry "cn=computers,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) > (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) >modifying entry "cn=computers,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=sdrhel76,dc=test")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=sdrhel76,dc=test";) >modifying entry "cn=computers,cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) >modifying entry "cn=accounts,dc=sdrhel76,dc=test" >modify complete > >add aci: > (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) > (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=sdrhel76,dc=test")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) >modifying entry "dc=sdrhel76,dc=test" >modify complete > > >2018-09-19T05:33:42Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:42Z DEBUG duration: 0 seconds >2018-09-19T05:33:42Z DEBUG [5/10]: creating a keytab for the directory >2018-09-19T05:33:42Z DEBUG Starting external process >2018-09-19T05:33:42Z DEBUG args=kadmin.local -q addprinc -randkey ldap/master.sdrhel76.test@SDRHEL76.TEST -x ipa-setup-override-restrictions >2018-09-19T05:33:42Z DEBUG Process finished, return code=0 >2018-09-19T05:33:42Z DEBUG stdout=Authenticating as principal root/admin@SDRHEL76.TEST with password. >Principal "ldap/master.sdrhel76.test@SDRHEL76.TEST" created. > >2018-09-19T05:33:42Z DEBUG stderr=WARNING: no policy specified for ldap/master.sdrhel76.test@SDRHEL76.TEST; defaulting to no policy > >2018-09-19T05:33:42Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab' >2018-09-19T05:33:42Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist >2018-09-19T05:33:42Z DEBUG Starting external process >2018-09-19T05:33:42Z DEBUG args=kadmin.local -q ktadd -k /etc/dirsrv/ds.keytab ldap/master.sdrhel76.test@SDRHEL76.TEST -x ipa-setup-override-restrictions >2018-09-19T05:33:43Z DEBUG Process finished, return code=0 >2018-09-19T05:33:43Z DEBUG stdout=Authenticating as principal root/admin@SDRHEL76.TEST with password. >Entry for principal ldap/master.sdrhel76.test@SDRHEL76.TEST with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/master.sdrhel76.test@SDRHEL76.TEST with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/master.sdrhel76.test@SDRHEL76.TEST with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/master.sdrhel76.test@SDRHEL76.TEST with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/master.sdrhel76.test@SDRHEL76.TEST with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/master.sdrhel76.test@SDRHEL76.TEST with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. > >2018-09-19T05:33:43Z DEBUG stderr= >2018-09-19T05:33:43Z DEBUG duration: 0 seconds >2018-09-19T05:33:43Z DEBUG [6/10]: creating a keytab for the machine >2018-09-19T05:33:43Z DEBUG Starting external process >2018-09-19T05:33:43Z DEBUG args=kadmin.local -q addprinc -randkey host/master.sdrhel76.test@SDRHEL76.TEST -x ipa-setup-override-restrictions >2018-09-19T05:33:43Z DEBUG Process finished, return code=0 >2018-09-19T05:33:43Z DEBUG stdout=Authenticating as principal root/admin@SDRHEL76.TEST with password. >Principal "host/master.sdrhel76.test@SDRHEL76.TEST" created. > >2018-09-19T05:33:43Z DEBUG stderr=WARNING: no policy specified for host/master.sdrhel76.test@SDRHEL76.TEST; defaulting to no policy > >2018-09-19T05:33:43Z DEBUG Backing up system configuration file '/etc/krb5.keytab' >2018-09-19T05:33:43Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:43Z DEBUG Starting external process >2018-09-19T05:33:43Z DEBUG args=kadmin.local -q ktadd -k /etc/krb5.keytab host/master.sdrhel76.test@SDRHEL76.TEST -x ipa-setup-override-restrictions >2018-09-19T05:33:44Z DEBUG Process finished, return code=0 >2018-09-19T05:33:44Z DEBUG stdout=Authenticating as principal root/admin@SDRHEL76.TEST with password. >Entry for principal host/master.sdrhel76.test@SDRHEL76.TEST with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/master.sdrhel76.test@SDRHEL76.TEST with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/master.sdrhel76.test@SDRHEL76.TEST with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/master.sdrhel76.test@SDRHEL76.TEST with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/master.sdrhel76.test@SDRHEL76.TEST with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/master.sdrhel76.test@SDRHEL76.TEST with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. > >2018-09-19T05:33:44Z DEBUG stderr= >2018-09-19T05:33:44Z DEBUG importing all plugin modules in ipaserver.plugins... >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.aci >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.automember >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.automount >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.baseldap >2018-09-19T05:33:44Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.baseuser >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.batch >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.ca >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.caacl >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.cert >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.certmap >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.certprofile >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.config >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.delegation >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.dns >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.dogtag >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.group >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.hbac >2018-09-19T05:33:44Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.hbactest >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.host >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.idrange >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.idviews >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.internal >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.join >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.location >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.migration >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.misc >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.netgroup >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.otp >2018-09-19T05:33:44Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.otptoken >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.passwd >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.permission >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.ping >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.pkinit >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.privilege >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.rabase >2018-09-19T05:33:44Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.role >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.schema >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.selfservice >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.server >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.serverrole >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.serverroles >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.service >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.session >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.stageuser >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.sudo >2018-09-19T05:33:44Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.sudorule >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.topology >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.trust >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.user >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.vault >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.virtual >2018-09-19T05:33:44Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.whoami >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2018-09-19T05:33:44Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.dns >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2018-09-19T05:33:44Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2018-09-19T05:33:46Z DEBUG Created connection context.ldap2_139871409595984 >2018-09-19T05:33:46Z DEBUG Destroyed connection context.ldap2_139871409595984 >2018-09-19T05:33:46Z DEBUG Created connection context.ldap2_139871409595984 >2018-09-19T05:33:46Z DEBUG Parsing update file '/usr/share/ipa/updates/20-ipaservers_hostgroup.update' >2018-09-19T05:33:46Z DEBUG flushing ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket from SchemaCache >2018-09-19T05:33:46Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f365919d710> >2018-09-19T05:33:46Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=sdrhel76,dc=test >2018-09-19T05:33:46Z DEBUG --------------------------------------------- >2018-09-19T05:33:46Z DEBUG Initial value >2018-09-19T05:33:46Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=sdrhel76,dc=test >2018-09-19T05:33:46Z DEBUG objectClass: >2018-09-19T05:33:46Z DEBUG top >2018-09-19T05:33:46Z DEBUG groupOfNames >2018-09-19T05:33:46Z DEBUG nestedGroup >2018-09-19T05:33:46Z DEBUG ipaobject >2018-09-19T05:33:46Z DEBUG ipahostgroup >2018-09-19T05:33:46Z DEBUG cn: >2018-09-19T05:33:46Z DEBUG ipaservers >2018-09-19T05:33:46Z DEBUG ipaUniqueID: >2018-09-19T05:33:46Z DEBUG 8f56a65a-bbcd-11e8-b969-5254007eedd6 >2018-09-19T05:33:46Z DEBUG description: >2018-09-19T05:33:46Z DEBUG IPA server hosts >2018-09-19T05:33:46Z DEBUG --------------------------------------------- >2018-09-19T05:33:46Z DEBUG Final value after applying updates >2018-09-19T05:33:46Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=sdrhel76,dc=test >2018-09-19T05:33:46Z DEBUG objectClass: >2018-09-19T05:33:46Z DEBUG top >2018-09-19T05:33:46Z DEBUG groupOfNames >2018-09-19T05:33:46Z DEBUG nestedGroup >2018-09-19T05:33:46Z DEBUG ipaobject >2018-09-19T05:33:46Z DEBUG ipahostgroup >2018-09-19T05:33:46Z DEBUG cn: >2018-09-19T05:33:46Z DEBUG ipaservers >2018-09-19T05:33:46Z DEBUG ipaUniqueID: >2018-09-19T05:33:46Z DEBUG 8f56a65a-bbcd-11e8-b969-5254007eedd6 >2018-09-19T05:33:46Z DEBUG description: >2018-09-19T05:33:46Z DEBUG IPA server hosts >2018-09-19T05:33:46Z DEBUG [] >2018-09-19T05:33:46Z DEBUG Updated 0 >2018-09-19T05:33:46Z DEBUG Done >2018-09-19T05:33:46Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=sdrhel76,dc=test >2018-09-19T05:33:46Z DEBUG --------------------------------------------- >2018-09-19T05:33:46Z DEBUG Initial value >2018-09-19T05:33:46Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=sdrhel76,dc=test >2018-09-19T05:33:46Z DEBUG objectClass: >2018-09-19T05:33:46Z DEBUG top >2018-09-19T05:33:46Z DEBUG groupOfNames >2018-09-19T05:33:46Z DEBUG nestedGroup >2018-09-19T05:33:46Z DEBUG ipaobject >2018-09-19T05:33:46Z DEBUG ipahostgroup >2018-09-19T05:33:46Z DEBUG cn: >2018-09-19T05:33:46Z DEBUG ipaservers >2018-09-19T05:33:46Z DEBUG ipaUniqueID: >2018-09-19T05:33:46Z DEBUG 8f56a65a-bbcd-11e8-b969-5254007eedd6 >2018-09-19T05:33:46Z DEBUG description: >2018-09-19T05:33:46Z DEBUG IPA server hosts >2018-09-19T05:33:46Z DEBUG add: 'fqdn=master.sdrhel76.test,cn=computers,cn=accounts,dc=sdrhel76,dc=test' to member, current value [] >2018-09-19T05:33:46Z DEBUG add: updated value [u'fqdn=master.sdrhel76.test,cn=computers,cn=accounts,dc=sdrhel76,dc=test'] >2018-09-19T05:33:46Z DEBUG --------------------------------------------- >2018-09-19T05:33:46Z DEBUG Final value after applying updates >2018-09-19T05:33:46Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=sdrhel76,dc=test >2018-09-19T05:33:46Z DEBUG objectClass: >2018-09-19T05:33:46Z DEBUG top >2018-09-19T05:33:46Z DEBUG groupOfNames >2018-09-19T05:33:46Z DEBUG nestedGroup >2018-09-19T05:33:46Z DEBUG ipaobject >2018-09-19T05:33:46Z DEBUG ipahostgroup >2018-09-19T05:33:46Z DEBUG member: >2018-09-19T05:33:46Z DEBUG fqdn=master.sdrhel76.test,cn=computers,cn=accounts,dc=sdrhel76,dc=test >2018-09-19T05:33:46Z DEBUG cn: >2018-09-19T05:33:46Z DEBUG ipaservers >2018-09-19T05:33:46Z DEBUG ipaUniqueID: >2018-09-19T05:33:46Z DEBUG 8f56a65a-bbcd-11e8-b969-5254007eedd6 >2018-09-19T05:33:46Z DEBUG description: >2018-09-19T05:33:46Z DEBUG IPA server hosts >2018-09-19T05:33:46Z DEBUG [(2, u'member', [u'fqdn=master.sdrhel76.test,cn=computers,cn=accounts,dc=sdrhel76,dc=test'])] >2018-09-19T05:33:46Z DEBUG Updated 1 >2018-09-19T05:33:46Z DEBUG Done >2018-09-19T05:33:46Z DEBUG Destroyed connection context.ldap2_139871409595984 >2018-09-19T05:33:46Z DEBUG duration: 3 seconds >2018-09-19T05:33:46Z DEBUG [7/10]: adding the password extension to the directory >2018-09-19T05:33:46Z DEBUG Starting external process >2018-09-19T05:33:46Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpToTo_7 -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:46Z DEBUG Process finished, return code=0 >2018-09-19T05:33:46Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_pwd_extop >add nsslapd-pluginpath: > libipa_pwd_extop >add nsslapd-plugininitfunc: > ipapwd_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginbetxn: > on >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_pwd_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Support saving passwords in multiple formats for different consumers (krb5, samba, freeradius, etc.) >add nsslapd-plugin-depends-on-type: > database >add nsslapd-realmTree: > dc=sdrhel76,dc=test >adding new entry "cn=ipa_pwd_extop,cn=plugins,cn=config" >modify complete > > >2018-09-19T05:33:46Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:46Z DEBUG duration: 0 seconds >2018-09-19T05:33:46Z DEBUG [8/10]: creating anonymous principal >2018-09-19T05:33:46Z DEBUG Starting external process >2018-09-19T05:33:46Z DEBUG args=kadmin.local -q addprinc -randkey WELLKNOWN/ANONYMOUS@SDRHEL76.TEST -x ipa-setup-override-restrictions >2018-09-19T05:33:46Z DEBUG Process finished, return code=0 >2018-09-19T05:33:46Z DEBUG stdout=Authenticating as principal root/admin@SDRHEL76.TEST with password. >Principal "WELLKNOWN/ANONYMOUS@SDRHEL76.TEST" created. > >2018-09-19T05:33:46Z DEBUG stderr=WARNING: no policy specified for WELLKNOWN/ANONYMOUS@SDRHEL76.TEST; defaulting to no policy > >2018-09-19T05:33:46Z DEBUG Starting external process >2018-09-19T05:33:46Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpNt4rBt -H ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket -Y EXTERNAL >2018-09-19T05:33:46Z DEBUG Process finished, return code=0 >2018-09-19T05:33:46Z DEBUG stdout=add objectclass: > ipaAllowedOperations >add aci: > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) >add ipaAllowedToPerform;read_keys: > cn=ipaservers,cn=hostgroups,cn=accounts,dc=sdrhel76,dc=test >modifying entry "krbPrincipalName=WELLKNOWN/ANONYMOUS@SDRHEL76.TEST,cn=SDRHEL76.TEST,cn=kerberos,dc=sdrhel76,dc=test" >modify complete > > >2018-09-19T05:33:46Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-09-19T05:33:46Z DEBUG duration: 0 seconds >2018-09-19T05:33:46Z DEBUG [9/10]: starting the KDC >2018-09-19T05:33:46Z DEBUG Starting external process >2018-09-19T05:33:46Z DEBUG args=/bin/systemctl start krb5kdc.service >2018-09-19T05:33:46Z DEBUG Process finished, return code=0 >2018-09-19T05:33:46Z DEBUG stdout= >2018-09-19T05:33:46Z DEBUG stderr= >2018-09-19T05:33:46Z DEBUG Starting external process >2018-09-19T05:33:46Z DEBUG args=/bin/systemctl is-active krb5kdc.service >2018-09-19T05:33:46Z DEBUG Process finished, return code=0 >2018-09-19T05:33:46Z DEBUG stdout=active > >2018-09-19T05:33:46Z DEBUG stderr= >2018-09-19T05:33:46Z DEBUG Start of krb5kdc.service complete >2018-09-19T05:33:46Z DEBUG duration: 0 seconds >2018-09-19T05:33:46Z DEBUG [10/10]: configuring KDC to start on boot >2018-09-19T05:33:46Z DEBUG Starting external process >2018-09-19T05:33:46Z DEBUG args=/bin/systemctl is-enabled krb5kdc.service >2018-09-19T05:33:46Z DEBUG Process finished, return code=1 >2018-09-19T05:33:46Z DEBUG stdout=disabled > >2018-09-19T05:33:46Z DEBUG stderr= >2018-09-19T05:33:46Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:46Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:46Z DEBUG Starting external process >2018-09-19T05:33:46Z DEBUG args=/bin/systemctl disable krb5kdc.service >2018-09-19T05:33:47Z DEBUG Process finished, return code=0 >2018-09-19T05:33:47Z DEBUG stdout= >2018-09-19T05:33:47Z DEBUG stderr= >2018-09-19T05:33:47Z DEBUG duration: 0 seconds >2018-09-19T05:33:47Z DEBUG Done configuring Kerberos KDC (krb5kdc). >2018-09-19T05:33:47Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:47Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:47Z DEBUG Configuring kadmin >2018-09-19T05:33:47Z DEBUG [1/2]: starting kadmin >2018-09-19T05:33:47Z DEBUG Starting external process >2018-09-19T05:33:47Z DEBUG args=/bin/systemctl is-active kadmin.service >2018-09-19T05:33:47Z DEBUG Process finished, return code=3 >2018-09-19T05:33:47Z DEBUG stdout=unknown > >2018-09-19T05:33:47Z DEBUG stderr= >2018-09-19T05:33:47Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:47Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:47Z DEBUG Starting external process >2018-09-19T05:33:47Z DEBUG args=/bin/systemctl restart kadmin.service >2018-09-19T05:33:47Z DEBUG Process finished, return code=0 >2018-09-19T05:33:47Z DEBUG stdout= >2018-09-19T05:33:47Z DEBUG stderr= >2018-09-19T05:33:47Z DEBUG Starting external process >2018-09-19T05:33:47Z DEBUG args=/bin/systemctl is-active kadmin.service >2018-09-19T05:33:47Z DEBUG Process finished, return code=0 >2018-09-19T05:33:47Z DEBUG stdout=active > >2018-09-19T05:33:47Z DEBUG stderr= >2018-09-19T05:33:47Z DEBUG Restart of kadmin.service complete >2018-09-19T05:33:47Z DEBUG duration: 0 seconds >2018-09-19T05:33:47Z DEBUG [2/2]: configuring kadmin to start on boot >2018-09-19T05:33:47Z DEBUG Starting external process >2018-09-19T05:33:47Z DEBUG args=/bin/systemctl is-enabled kadmin.service >2018-09-19T05:33:47Z DEBUG Process finished, return code=1 >2018-09-19T05:33:47Z DEBUG stdout=disabled > >2018-09-19T05:33:47Z DEBUG stderr= >2018-09-19T05:33:47Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:47Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:47Z DEBUG Starting external process >2018-09-19T05:33:47Z DEBUG args=/bin/systemctl disable kadmin.service >2018-09-19T05:33:47Z DEBUG Process finished, return code=0 >2018-09-19T05:33:47Z DEBUG stdout= >2018-09-19T05:33:47Z DEBUG stderr= >2018-09-19T05:33:47Z DEBUG duration: 0 seconds >2018-09-19T05:33:47Z DEBUG Done configuring kadmin. >2018-09-19T05:33:47Z INFO Custodia client for '<CustodiaModes.MASTER_PEER: 'Custodia master peer'>' with promotion no. >2018-09-19T05:33:47Z INFO Custodia uses LDAPI. >2018-09-19T05:33:47Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:47Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:47Z DEBUG Configuring ipa-custodia >2018-09-19T05:33:47Z DEBUG [1/5]: Making sure custodia container exists >2018-09-19T05:33:47Z DEBUG importing all plugin modules in ipaserver.plugins... >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.aci >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.automember >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.automount >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.baseldap >2018-09-19T05:33:47Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.baseuser >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.batch >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.ca >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.caacl >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.cert >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.certmap >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.certprofile >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.config >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.delegation >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.dns >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.dogtag >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.group >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.hbac >2018-09-19T05:33:47Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.hbactest >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.host >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.idrange >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.idviews >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.internal >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.join >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.location >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.migration >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.misc >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.netgroup >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.otp >2018-09-19T05:33:47Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.otptoken >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.passwd >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.permission >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.ping >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.pkinit >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.privilege >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.rabase >2018-09-19T05:33:47Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.role >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.schema >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.selfservice >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.server >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.serverrole >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.serverroles >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.service >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.session >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.stageuser >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.sudo >2018-09-19T05:33:47Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.sudorule >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.topology >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.trust >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.user >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.vault >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.virtual >2018-09-19T05:33:47Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.whoami >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2018-09-19T05:33:47Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.dns >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2018-09-19T05:33:47Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2018-09-19T05:33:49Z DEBUG Created connection context.ldap2_139871397199696 >2018-09-19T05:33:49Z DEBUG Destroyed connection context.ldap2_139871397199696 >2018-09-19T05:33:49Z DEBUG Created connection context.ldap2_139871397199696 >2018-09-19T05:33:49Z DEBUG Parsing update file '/usr/share/ipa/updates/73-custodia.update' >2018-09-19T05:33:49Z DEBUG flushing ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket from SchemaCache >2018-09-19T05:33:49Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Fvar%2Frun%2Fslapd-SDRHEL76-TEST.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f36591b9050> >2018-09-19T05:33:49Z DEBUG Updating existing entry: cn=custodia,cn=ipa,cn=etc,dc=sdrhel76,dc=test >2018-09-19T05:33:49Z DEBUG --------------------------------------------- >2018-09-19T05:33:49Z DEBUG Initial value >2018-09-19T05:33:49Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=sdrhel76,dc=test >2018-09-19T05:33:49Z DEBUG objectClass: >2018-09-19T05:33:49Z DEBUG nsContainer >2018-09-19T05:33:49Z DEBUG top >2018-09-19T05:33:49Z DEBUG cn: >2018-09-19T05:33:49Z DEBUG custodia >2018-09-19T05:33:49Z DEBUG --------------------------------------------- >2018-09-19T05:33:49Z DEBUG Final value after applying updates >2018-09-19T05:33:49Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=sdrhel76,dc=test >2018-09-19T05:33:49Z DEBUG objectClass: >2018-09-19T05:33:49Z DEBUG nsContainer >2018-09-19T05:33:49Z DEBUG top >2018-09-19T05:33:49Z DEBUG cn: >2018-09-19T05:33:49Z DEBUG custodia >2018-09-19T05:33:49Z DEBUG [] >2018-09-19T05:33:49Z DEBUG Updated 0 >2018-09-19T05:33:49Z DEBUG Done >2018-09-19T05:33:49Z DEBUG Updating existing entry: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=sdrhel76,dc=test >2018-09-19T05:33:49Z DEBUG --------------------------------------------- >2018-09-19T05:33:49Z DEBUG Initial value >2018-09-19T05:33:49Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=sdrhel76,dc=test >2018-09-19T05:33:49Z DEBUG objectClass: >2018-09-19T05:33:49Z DEBUG nsContainer >2018-09-19T05:33:49Z DEBUG top >2018-09-19T05:33:49Z DEBUG cn: >2018-09-19T05:33:49Z DEBUG dogtag >2018-09-19T05:33:49Z DEBUG --------------------------------------------- >2018-09-19T05:33:49Z DEBUG Final value after applying updates >2018-09-19T05:33:49Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=sdrhel76,dc=test >2018-09-19T05:33:49Z DEBUG objectClass: >2018-09-19T05:33:49Z DEBUG nsContainer >2018-09-19T05:33:49Z DEBUG top >2018-09-19T05:33:49Z DEBUG cn: >2018-09-19T05:33:49Z DEBUG dogtag >2018-09-19T05:33:49Z DEBUG [] >2018-09-19T05:33:49Z DEBUG Updated 0 >2018-09-19T05:33:49Z DEBUG Done >2018-09-19T05:33:49Z DEBUG Destroyed connection context.ldap2_139871397199696 >2018-09-19T05:33:49Z DEBUG duration: 1 seconds >2018-09-19T05:33:49Z DEBUG [2/5]: Generating ipa-custodia config file >2018-09-19T05:33:49Z DEBUG duration: 0 seconds >2018-09-19T05:33:49Z DEBUG [3/5]: Generating ipa-custodia keys >2018-09-19T05:33:49Z DEBUG duration: 0 seconds >2018-09-19T05:33:49Z DEBUG [4/5]: starting ipa-custodia >2018-09-19T05:33:49Z DEBUG Starting external process >2018-09-19T05:33:49Z DEBUG args=/bin/systemctl is-active ipa-custodia.service >2018-09-19T05:33:49Z DEBUG Process finished, return code=3 >2018-09-19T05:33:49Z DEBUG stdout=unknown > >2018-09-19T05:33:49Z DEBUG stderr= >2018-09-19T05:33:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:49Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:49Z DEBUG Starting external process >2018-09-19T05:33:49Z DEBUG args=/bin/systemctl restart ipa-custodia.service >2018-09-19T05:33:49Z DEBUG Process finished, return code=0 >2018-09-19T05:33:49Z DEBUG stdout= >2018-09-19T05:33:49Z DEBUG stderr= >2018-09-19T05:33:49Z DEBUG Starting external process >2018-09-19T05:33:49Z DEBUG args=/bin/systemctl is-active ipa-custodia.service >2018-09-19T05:33:49Z DEBUG Process finished, return code=0 >2018-09-19T05:33:49Z DEBUG stdout=active > >2018-09-19T05:33:49Z DEBUG stderr= >2018-09-19T05:33:49Z DEBUG Restart of ipa-custodia.service complete >2018-09-19T05:33:49Z DEBUG duration: 0 seconds >2018-09-19T05:33:49Z DEBUG [5/5]: configuring ipa-custodia to start on boot >2018-09-19T05:33:49Z DEBUG Starting external process >2018-09-19T05:33:49Z DEBUG args=/bin/systemctl is-enabled ipa-custodia.service >2018-09-19T05:33:50Z DEBUG Process finished, return code=1 >2018-09-19T05:33:50Z DEBUG stdout=disabled > >2018-09-19T05:33:50Z DEBUG stderr= >2018-09-19T05:33:50Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:50Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:50Z DEBUG Starting external process >2018-09-19T05:33:50Z DEBUG args=/bin/systemctl disable ipa-custodia.service >2018-09-19T05:33:50Z DEBUG Process finished, return code=0 >2018-09-19T05:33:50Z DEBUG stdout= >2018-09-19T05:33:50Z DEBUG stderr= >2018-09-19T05:33:50Z DEBUG duration: 0 seconds >2018-09-19T05:33:50Z DEBUG Done configuring ipa-custodia. >2018-09-19T05:33:50Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-09-19T05:33:50Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-09-19T05:33:50Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-09-19T05:33:50Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-09-19T05:33:50Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:50Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:33:50Z DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes >2018-09-19T05:33:50Z DEBUG [1/28]: configuring certificate server instance >2018-09-19T05:33:50Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:50Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-09-19T05:33:50Z DEBUG Contents of pkispawn configuration file (/tmp/tmpFf3jw_): >[CA] >pki_security_domain_name = IPA >pki_enable_proxy = True >pki_restart_configured_instance = False >pki_backup_keys = True >pki_backup_password = XXXXXXXX >pki_profiles_in_ldap = True >pki_default_ocsp_uri = http://ipa-ca.sdrhel76.test/ca/ocsp >pki_status_request_timeout = 15 >pki_client_pkcs12_password = XXXXXXXX >pki_admin_name = admin >pki_admin_uid = admin >pki_admin_email = root@localhost >pki_admin_password = XXXXXXXX >pki_admin_nickname = ipa-ca-agent >pki_admin_subject_dn = cn=ipa-ca-agent,O=SDRHEL76.TEST >pki_client_admin_cert_p12 = /root/ca-agent.p12 >pki_ds_ldap_port = 389 >pki_ds_password = XXXXXXXX >pki_ds_base_dn = o=ipaca >pki_ds_database = ipaca >pki_subsystem_subject_dn = cn=CA Subsystem,O=SDRHEL76.TEST >pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=SDRHEL76.TEST >pki_ssl_server_subject_dn = cn=master.sdrhel76.test,O=SDRHEL76.TEST >pki_audit_signing_subject_dn = cn=CA Audit,O=SDRHEL76.TEST >pki_ca_signing_subject_dn = CN=Certificate Authority,O=SDRHEL76.TEST >pki_subsystem_nickname = subsystemCert cert-pki-ca >pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca >pki_ssl_server_nickname = Server-Cert cert-pki-ca >pki_audit_signing_nickname = auditSigningCert cert-pki-ca >pki_ca_signing_nickname = caSigningCert cert-pki-ca >pki_ca_signing_key_algorithm = SHA256withRSA >pki_pin = XXXXXXXX > > >2018-09-19T05:33:50Z DEBUG Starting external process >2018-09-19T05:33:50Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpFf3jw_ >2018-09-19T05:35:14Z DEBUG Process finished, return code=0 >2018-09-19T05:35:14Z DEBUG stdout=Log file: /var/log/pki/pki-ca-spawn.20180919110350.log >Loading deployment configuration from /tmp/tmpFf3jw_. >WARNING: The 'pki_ssl_server_nickname' in [CA] has been deprecated. Use 'pki_sslserver_nickname' instead. >WARNING: The 'pki_ssl_server_subject_dn' in [CA] has been deprecated. Use 'pki_sslserver_subject_dn' instead. >Installing CA into /var/lib/pki/pki-tomcat. >Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg. > > ========================================================================== > INSTALLATION SUMMARY > ========================================================================== > > Administrator's username: admin > Administrator's PKCS #12 file: > /root/ca-agent.p12 > > To check the status of the subsystem: > systemctl status pki-tomcatd@pki-tomcat.service > > To restart the subsystem: > systemctl restart pki-tomcatd@pki-tomcat.service > > The URL for the subsystem is: > https://master.sdrhel76.test:8443/ca > > PKI instances will be enabled upon system boot > > ========================================================================== > > >2018-09-19T05:35:14Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present. > >2018-09-19T05:35:14Z DEBUG completed creating ca instance >2018-09-19T05:35:14Z DEBUG duration: 84 seconds >2018-09-19T05:35:14Z DEBUG [2/28]: exporting Dogtag certificate store pin >2018-09-19T05:35:14Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-09-19T05:35:14Z DEBUG duration: 0 seconds >2018-09-19T05:35:14Z DEBUG [3/28]: stopping certificate server instance to update CS.cfg >2018-09-19T05:35:14Z DEBUG Starting external process >2018-09-19T05:35:14Z DEBUG args=/bin/systemctl stop pki-tomcatd@pki-tomcat.service >2018-09-19T05:35:15Z DEBUG Process finished, return code=0 >2018-09-19T05:35:15Z DEBUG stdout= >2018-09-19T05:35:15Z DEBUG stderr= >2018-09-19T05:35:15Z DEBUG Stop of pki-tomcatd@pki-tomcat.service complete >2018-09-19T05:35:15Z DEBUG duration: 1 seconds >2018-09-19T05:35:15Z DEBUG [4/28]: backing up CS.cfg >2018-09-19T05:35:15Z DEBUG Starting external process >2018-09-19T05:35:15Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service >2018-09-19T05:35:15Z DEBUG Process finished, return code=3 >2018-09-19T05:35:15Z DEBUG stdout=unknown > >2018-09-19T05:35:15Z DEBUG stderr= >2018-09-19T05:35:15Z DEBUG duration: 0 seconds >2018-09-19T05:35:15Z DEBUG [5/28]: disabling nonces >2018-09-19T05:35:15Z DEBUG duration: 0 seconds >2018-09-19T05:35:15Z DEBUG [6/28]: set up CRL publishing >2018-09-19T05:35:15Z DEBUG Starting external process >2018-09-19T05:35:15Z DEBUG args=/usr/sbin/selinuxenabled >2018-09-19T05:35:15Z DEBUG Process finished, return code=0 >2018-09-19T05:35:15Z DEBUG stdout= >2018-09-19T05:35:15Z DEBUG stderr= >2018-09-19T05:35:15Z DEBUG Starting external process >2018-09-19T05:35:15Z DEBUG args=/sbin/restorecon /var/lib/ipa/pki-ca/publish >2018-09-19T05:35:15Z DEBUG Process finished, return code=0 >2018-09-19T05:35:15Z DEBUG stdout= >2018-09-19T05:35:15Z DEBUG stderr= >2018-09-19T05:35:16Z DEBUG duration: 0 seconds >2018-09-19T05:35:16Z DEBUG [7/28]: enable PKIX certificate path discovery and validation >2018-09-19T05:35:16Z DEBUG duration: 0 seconds >2018-09-19T05:35:16Z DEBUG [8/28]: starting certificate server instance >2018-09-19T05:35:16Z DEBUG Starting external process >2018-09-19T05:35:16Z DEBUG args=/bin/systemctl start pki-tomcatd@pki-tomcat.service >2018-09-19T05:35:17Z DEBUG Process finished, return code=0 >2018-09-19T05:35:17Z DEBUG stdout= >2018-09-19T05:35:17Z DEBUG stderr= >2018-09-19T05:35:17Z DEBUG Starting external process >2018-09-19T05:35:17Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service >2018-09-19T05:35:17Z DEBUG Process finished, return code=0 >2018-09-19T05:35:17Z DEBUG stdout=active > >2018-09-19T05:35:17Z DEBUG stderr= >2018-09-19T05:35:17Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 >2018-09-19T05:35:17Z DEBUG waiting for port: 8080 >2018-09-19T05:35:17Z DEBUG Failed to connect to port 8080 tcp on ::1 >2018-09-19T05:35:17Z DEBUG Failed to connect to port 8080 tcp on 127.0.0.1 >2018-09-19T05:35:19Z DEBUG SUCCESS: port: 8080 >2018-09-19T05:35:19Z DEBUG waiting for port: 8443 >2018-09-19T05:35:19Z DEBUG SUCCESS: port: 8443 >2018-09-19T05:35:19Z DEBUG Start of pki-tomcatd@pki-tomcat.service complete >2018-09-19T05:35:19Z DEBUG Waiting until the CA is running >2018-09-19T05:35:19Z DEBUG request POST http://master.sdrhel76.test:8080/ca/admin/ca/getStatus >2018-09-19T05:35:19Z DEBUG request body '' >2018-09-19T05:35:31Z DEBUG response status 200 >2018-09-19T05:35:31Z DEBUG response headers Server: Apache-Coyote/1.1 >Content-Type: application/xml >Content-Length: 167 >Date: Wed, 19 Sep 2018 05:35:31 GMT > >2018-09-19T05:35:31Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.5.9-6.el7</Version></XMLResponse>' >2018-09-19T05:35:32Z DEBUG The CA status is: running >2018-09-19T05:35:32Z DEBUG duration: 15 seconds >2018-09-19T05:35:32Z DEBUG [9/28]: configure certmonger for renewals >2018-09-19T05:35:32Z DEBUG Starting external process >2018-09-19T05:35:32Z DEBUG args=/bin/systemctl enable certmonger.service >2018-09-19T05:35:32Z DEBUG Process finished, return code=0 >2018-09-19T05:35:32Z DEBUG stdout= >2018-09-19T05:35:32Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/certmonger.service to /usr/lib/systemd/system/certmonger.service. > >2018-09-19T05:35:32Z DEBUG Starting external process >2018-09-19T05:35:32Z DEBUG args=/bin/systemctl start messagebus.service >2018-09-19T05:35:32Z DEBUG Process finished, return code=0 >2018-09-19T05:35:32Z DEBUG stdout= >2018-09-19T05:35:32Z DEBUG stderr= >2018-09-19T05:35:32Z DEBUG Starting external process >2018-09-19T05:35:32Z DEBUG args=/bin/systemctl is-active messagebus.service >2018-09-19T05:35:32Z DEBUG Process finished, return code=0 >2018-09-19T05:35:32Z DEBUG stdout=active > >2018-09-19T05:35:32Z DEBUG stderr= >2018-09-19T05:35:32Z DEBUG Start of messagebus.service complete >2018-09-19T05:35:32Z DEBUG Starting external process >2018-09-19T05:35:32Z DEBUG args=/bin/systemctl start certmonger.service >2018-09-19T05:35:32Z DEBUG Process finished, return code=0 >2018-09-19T05:35:32Z DEBUG stdout= >2018-09-19T05:35:32Z DEBUG stderr= >2018-09-19T05:35:32Z DEBUG Starting external process >2018-09-19T05:35:32Z DEBUG args=/bin/systemctl is-active certmonger.service >2018-09-19T05:35:32Z DEBUG Process finished, return code=0 >2018-09-19T05:35:32Z DEBUG stdout=active > >2018-09-19T05:35:32Z DEBUG stderr= >2018-09-19T05:35:32Z DEBUG Start of certmonger.service complete >2018-09-19T05:35:32Z DEBUG duration: 0 seconds >2018-09-19T05:35:32Z DEBUG [10/28]: requesting RA certificate from CA >2018-09-19T05:35:32Z DEBUG Starting external process >2018-09-19T05:35:32Z DEBUG args=/usr/bin/openssl pkcs7 -inform DER -print_certs -out /var/lib/ipa/tmpMbynpD >2018-09-19T05:35:33Z DEBUG Process finished, return code=0 >2018-09-19T05:35:33Z DEBUG stdout= >2018-09-19T05:35:33Z DEBUG stderr= >2018-09-19T05:35:33Z DEBUG Starting external process >2018-09-19T05:35:33Z DEBUG args=/usr/bin/openssl pkcs12 -nokeys -clcerts -in /root/ca-agent.p12 -out /var/lib/ipa/tmpNNEy7N -passin file:/tmp/tmpY4vXlm >2018-09-19T05:35:39Z DEBUG Process finished, return code=0 >2018-09-19T05:35:39Z DEBUG stdout= >2018-09-19T05:35:39Z DEBUG stderr=MAC verified OK > >2018-09-19T05:35:39Z DEBUG Starting external process >2018-09-19T05:35:39Z DEBUG args=/usr/bin/openssl pkcs12 -nodes -nocerts -in /root/ca-agent.p12 -out /var/lib/ipa/tmpTQ94Au -passin file:/tmp/tmpWXlCEt >2018-09-19T05:35:50Z DEBUG Process finished, return code=0 >2018-09-19T05:35:50Z DEBUG stdout= >2018-09-19T05:35:50Z DEBUG stderr=MAC verified OK > >2018-09-19T05:35:52Z DEBUG certmonger request is in state dbus.String(u'NEWLY_ADDED_READING_KEYINFO', variant_level=1) >2018-09-19T05:35:57Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) >2018-09-19T05:36:02Z DEBUG certmonger request is in state dbus.String(u'PRE_SAVE_CERT', variant_level=1) >2018-09-19T05:36:07Z DEBUG certmonger request is in state dbus.String(u'POST_SAVED_CERT', variant_level=1) >2018-09-19T05:36:12Z DEBUG certmonger request is in state dbus.String(u'MONITORING', variant_level=1) >2018-09-19T05:36:12Z DEBUG Cert request 20180919053552 was successful >2018-09-19T05:36:12Z DEBUG Starting external process >2018-09-19T05:36:12Z DEBUG args=/usr/sbin/selinuxenabled >2018-09-19T05:36:12Z DEBUG Process finished, return code=0 >2018-09-19T05:36:12Z DEBUG stdout= >2018-09-19T05:36:12Z DEBUG stderr= >2018-09-19T05:36:12Z DEBUG Starting external process >2018-09-19T05:36:12Z DEBUG args=/sbin/restorecon /var/lib/ipa/ra-agent.pem >2018-09-19T05:36:12Z DEBUG Process finished, return code=0 >2018-09-19T05:36:12Z DEBUG stdout= >2018-09-19T05:36:12Z DEBUG stderr= >2018-09-19T05:36:12Z DEBUG Starting external process >2018-09-19T05:36:12Z DEBUG args=/usr/sbin/selinuxenabled >2018-09-19T05:36:12Z DEBUG Process finished, return code=0 >2018-09-19T05:36:12Z DEBUG stdout= >2018-09-19T05:36:12Z DEBUG stderr= >2018-09-19T05:36:12Z DEBUG Starting external process >2018-09-19T05:36:12Z DEBUG args=/sbin/restorecon /var/lib/ipa/ra-agent.key >2018-09-19T05:36:12Z DEBUG Process finished, return code=0 >2018-09-19T05:36:12Z DEBUG stdout= >2018-09-19T05:36:12Z DEBUG stderr= >2018-09-19T05:36:13Z DEBUG duration: 40 seconds >2018-09-19T05:36:13Z DEBUG [11/28]: setting audit signing renewal to 2 years >2018-09-19T05:36:13Z DEBUG caSignedLogCert.cfg profile validity range is 720 >2018-09-19T05:36:13Z DEBUG duration: 0 seconds >2018-09-19T05:36:13Z DEBUG [12/28]: restarting certificate server >2018-09-19T05:36:13Z DEBUG Starting external process >2018-09-19T05:36:13Z DEBUG args=/bin/systemctl restart pki-tomcatd@pki-tomcat.service >2018-09-19T05:36:35Z DEBUG Process finished, return code=0 >2018-09-19T05:36:35Z DEBUG stdout= >2018-09-19T05:36:35Z DEBUG stderr= >2018-09-19T05:36:35Z DEBUG Starting external process >2018-09-19T05:36:35Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service >2018-09-19T05:36:35Z DEBUG Process finished, return code=0 >2018-09-19T05:36:35Z DEBUG stdout=active > >2018-09-19T05:36:35Z DEBUG stderr= >2018-09-19T05:36:35Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 >2018-09-19T05:36:35Z DEBUG waiting for port: 8080 >2018-09-19T05:36:35Z DEBUG Failed to connect to port 8080 tcp on ::1 >2018-09-19T05:36:35Z DEBUG Failed to connect to port 8080 tcp on 127.0.0.1 >2018-09-19T05:36:39Z DEBUG SUCCESS: port: 8080 >2018-09-19T05:36:39Z DEBUG waiting for port: 8443 >2018-09-19T05:36:39Z DEBUG SUCCESS: port: 8443 >2018-09-19T05:36:39Z DEBUG Restart of pki-tomcatd@pki-tomcat.service complete >2018-09-19T05:36:39Z DEBUG Waiting until the CA is running >2018-09-19T05:36:39Z DEBUG request POST http://master.sdrhel76.test:8080/ca/admin/ca/getStatus >2018-09-19T05:36:39Z DEBUG request body '' >2018-09-19T05:36:51Z DEBUG response status 200 >2018-09-19T05:36:51Z DEBUG response headers Server: Apache-Coyote/1.1 >Content-Type: application/xml >Content-Length: 167 >Date: Wed, 19 Sep 2018 05:36:51 GMT > >2018-09-19T05:36:51Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.5.9-6.el7</Version></XMLResponse>' >2018-09-19T05:36:51Z DEBUG The CA status is: running >2018-09-19T05:36:51Z DEBUG duration: 38 seconds >2018-09-19T05:36:51Z DEBUG [13/28]: publishing the CA certificate >2018-09-19T05:36:51Z DEBUG duration: 0 seconds >2018-09-19T05:36:51Z DEBUG [14/28]: adding RA agent as a trusted user >2018-09-19T05:36:51Z DEBUG Created connection context.ldap2_139871387504400 >2018-09-19T05:36:51Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket from SchemaCache >2018-09-19T05:36:51Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-SDRHEL76-TEST.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f365919d7e8> >2018-09-19T05:36:52Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Certificate Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember >2018-09-19T05:36:52Z DEBUG Unhandled LDAPError: PROTOCOL_ERROR: {'desc': 'Protocol error'} >2018-09-19T05:36:52Z DEBUG Traceback (most recent call last): > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 570, in start_creation > run_step(full_msg, method) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 560, in run_step > method() > File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 812, in __create_ca_agent > conn.add_entry_to_group(user_dn, group_dn, 'uniqueMember') > File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 406, in add_entry_to_group > entry = self.get_entry(dn, ['']) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1554, in get_entry > size_limit=size_limit, get_effective_rights=get_effective_rights, > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1366, in get_entries > **kwargs) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1504, in find_entries > break > File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ > self.gen.throw(type, value, traceback) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1078, in error_handler > raise errors.DatabaseError(desc=desc, info=info) >DatabaseError: Protocol error: > >2018-09-19T05:36:52Z DEBUG [error] DatabaseError: Protocol error: >2018-09-19T05:36:52Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute > return_value = self.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, in run > return cfgr.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 364, in run > return self.execute() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 389, in execute > for rval in self._executor(): > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner > exc_handler(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 658, in _configure > next(executor) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner > exc_handler(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception > super(ComponentBase, self)._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 65, in _install > for unused in self._installer(self.parent): > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", line 583, in main > master_install(self) > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 250, in decorated > func(installer) > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 812, in install > ca.install_step_0(False, None, options, custodia=custodia) > File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 303, in install_step_0 > use_ldaps=standalone) > File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 475, in configure_instance > self.start_creation(runtime=runtime) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 570, in start_creation > run_step(full_msg, method) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 560, in run_step > method() > File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 812, in __create_ca_agent > conn.add_entry_to_group(user_dn, group_dn, 'uniqueMember') > File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 406, in add_entry_to_group > entry = self.get_entry(dn, ['']) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1554, in get_entry > size_limit=size_limit, get_effective_rights=get_effective_rights, > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1366, in get_entries > **kwargs) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1504, in find_entries > break > File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ > self.gen.throw(type, value, traceback) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1078, in error_handler > raise errors.DatabaseError(desc=desc, info=info) > >2018-09-19T05:36:52Z DEBUG The ipa-server-install command failed, exception: DatabaseError: Protocol error: >2018-09-19T05:36:52Z ERROR Protocol error: >2018-09-19T05:36:52Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1484576">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1630680
: 1484576