Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 599821 Details for
Bug 842374
Can't run ipa-server-install in %post section of kickstart file
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
ipaserver-install log file
ipaserver-install.log (text/x-log), 384.74 KB, created by
Anthony Green
on 2012-07-23 15:52:09 UTC
(
hide
)
Description:
ipaserver-install log file
Filename:
MIME Type:
Creator:
Anthony Green
Created:
2012-07-23 15:52:09 UTC
Size:
384.74 KB
patch
obsolete
>2012-07-23T15:31:05Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2012-07-23T15:31:05Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2012-07-23T15:31:05Z DEBUG httpd is not configured >2012-07-23T15:31:05Z DEBUG kadmin is not configured >2012-07-23T15:31:05Z DEBUG dirsrv is not configured >2012-07-23T15:31:05Z DEBUG pki-cad is not configured >2012-07-23T15:31:05Z DEBUG pkids is not configured >2012-07-23T15:31:05Z DEBUG install is not configured >2012-07-23T15:31:05Z DEBUG krb5kdc is not configured >2012-07-23T15:31:05Z DEBUG ntpd is not configured >2012-07-23T15:31:05Z DEBUG named is not configured >2012-07-23T15:31:05Z DEBUG ipa_memcached is not configured >2012-07-23T15:31:05Z DEBUG filestore is tracking no files >2012-07-23T15:31:05Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' >2012-07-23T15:31:05Z DEBUG /usr/sbin/ipa-server-install was invoked with options: {'zone_refresh': 30, 'reverse_zone': None, 'realm_name': 'ATGREEN.ORG', 'create_sshfp': True, 'conf_sshd': False, 'conf_ntp': False, 'subject': None, 'no_forwarders': True, 'ui_redirect': True, 'domain_name': 'atgreen.org', 'idmax': 0, 'hbac_allow': False, 'no_reverse': False, 'dirsrv_pkcs12': None, 'unattended': True, 'selfsign': False, 'trust_sshfp': False, 'external_ca_file': None, 'no_host_dns': False, 'http_pkcs12': None, 'forwarders': None, 'idstart': 292800000, 'external_ca': False, 'ip_address': None, 'conf_ssh': False, 'zonemgr': None, 'setup_dns': True, 'host_name': 'ipa.atgreen.org', 'debug': True, 'external_cert_file': None, 'uninstall': False} >2012-07-23T15:31:05Z DEBUG missing options might be asked for interactively later > >2012-07-23T15:31:05Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2012-07-23T15:31:05Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2012-07-23T15:31:05Z DEBUG will use host_name: ipa.atgreen.org > >2012-07-23T15:31:05Z DEBUG args=/sbin/ip -family inet -oneline address show >2012-07-23T15:31:05Z DEBUG stdout=1: lo inet 127.0.0.1/8 scope host lo >2: eth0 inet 10.0.0.99/24 brd 10.0.0.255 scope global eth0 >3: eth1 inet 192.168.122.174/24 brd 192.168.122.255 scope global eth1 > >2012-07-23T15:31:05Z DEBUG stderr= >2012-07-23T15:31:05Z DEBUG will use dns_forwarders: () > >2012-07-23T15:31:05Z DEBUG importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'... >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py' >2012-07-23T15:31:05Z DEBUG args=klist -V >2012-07-23T15:31:05Z DEBUG stdout=Kerberos 5 version 1.9 > >2012-07-23T15:31:05Z DEBUG stderr= >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py' >2012-07-23T15:31:05Z DEBUG importing all plugin modules in '/usr/lib/python2.6/site-packages/ipaserver/install/plugins'... >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/baseupdate.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/dns.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/fix_replica_memberof.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/rename_managed.py' >2012-07-23T15:31:05Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/updateclient.py' >2012-07-23T15:31:06Z DEBUG args=/usr/sbin/groupadd -r dirsrv >2012-07-23T15:31:06Z DEBUG stdout= >2012-07-23T15:31:06Z DEBUG stderr= >2012-07-23T15:31:06Z DEBUG done adding DS group >2012-07-23T15:31:06Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2012-07-23T15:31:06Z DEBUG Configuring directory server for the CA: Estimated time 30 seconds >2012-07-23T15:31:06Z DEBUG [1/3]: creating directory server user >2012-07-23T15:31:06Z DEBUG adding ds user pkisrv >2012-07-23T15:31:06Z DEBUG args=/usr/sbin/useradd -g dirsrv -c PKI DS System User -d /var/lib/dirsrv -s /sbin/nologin -M -r pkisrv >2012-07-23T15:31:06Z DEBUG stdout= >2012-07-23T15:31:06Z DEBUG stderr= >2012-07-23T15:31:06Z DEBUG done adding user >2012-07-23T15:31:06Z DEBUG duration: 0 seconds >2012-07-23T15:31:06Z DEBUG [2/3]: creating directory server instance >2012-07-23T15:31:06Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2012-07-23T15:31:06Z DEBUG writing inf template >2012-07-23T15:31:06Z DEBUG >[General] >FullMachineName= ipa.atgreen.org >SuiteSpotUserID= pkisrv >SuiteSpotGroup= dirsrv >ServerRoot= /usr/lib64/dirsrv >[slapd] >ServerPort= 7389 >ServerIdentifier= PKI-IPA >Suffix= dc=atgreen,dc=org >RootDN= cn=Directory Manager > >2012-07-23T15:31:06Z DEBUG calling setup-ds.pl >2012-07-23T15:31:43Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpImAn12 >2012-07-23T15:31:43Z DEBUG stdout=[12/07/23:11:31:43] - [Setup] Info Your new DS instance 'PKI-IPA' was successfully created. >Your new DS instance 'PKI-IPA' was successfully created. >[12/07/23:11:31:43] - [Setup] Success Exiting . . . >Log file is '-' > >Exiting . . . >Log file is '-' > > >2012-07-23T15:31:43Z DEBUG stderr= >2012-07-23T15:31:43Z DEBUG completed creating ds instance >2012-07-23T15:31:43Z DEBUG duration: 37 seconds >2012-07-23T15:31:43Z DEBUG [3/3]: restarting directory server >2012-07-23T15:31:46Z DEBUG args=/sbin/service dirsrv restart PKI-IPA >2012-07-23T15:31:46Z DEBUG stdout=Shutting down dirsrv: > PKI-IPA...[60G[[0;32m OK [0;39m] >Starting dirsrv: > PKI-IPA...[60G[[0;32m OK [0;39m] > >2012-07-23T15:31:46Z DEBUG stderr= >2012-07-23T15:31:46Z DEBUG args=/sbin/service dirsrv status PKI-IPA >2012-07-23T15:31:46Z DEBUG stdout=dirsrv PKI-IPA (pid 11278) is running... > >2012-07-23T15:31:46Z DEBUG stderr= >2012-07-23T15:31:46Z DEBUG duration: 2 seconds >2012-07-23T15:31:46Z DEBUG done configuring pkids. >2012-07-23T15:31:46Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2012-07-23T15:31:46Z DEBUG Configuring certificate server: Estimated time 3 minutes 30 seconds >2012-07-23T15:31:46Z DEBUG [1/18]: creating certificate server user >2012-07-23T15:31:46Z DEBUG adding ca user pkiuser >2012-07-23T15:31:46Z DEBUG args=/usr/sbin/useradd -c CA System User -d /var/lib -s /sbin/nologin -M -r pkiuser >2012-07-23T15:31:46Z DEBUG stdout= >2012-07-23T15:31:46Z DEBUG stderr= >2012-07-23T15:31:46Z DEBUG done adding user >2012-07-23T15:31:46Z DEBUG duration: 0 seconds >2012-07-23T15:31:46Z DEBUG [2/18]: creating pki-ca instance >2012-07-23T15:31:56Z DEBUG args=/usr/bin/pkicreate -pki_instance_root /var/lib -pki_instance_name pki-ca -subsystem_type ca -agent_secure_port 9443 -ee_secure_port 9444 -admin_secure_port 9445 -ee_secure_client_auth_port 9446 -unsecure_port 9180 -tomcat_server_port 9701 -redirect conf=/etc/pki-ca -redirect logs=/var/log/pki-ca -enable_proxy >2012-07-23T15:31:56Z DEBUG stdout=PKI instance creation Utility ... > >Capturing installation information in /var/log/pki-ca-install.log > >PKI instance creation completed ... > >Installation information recorded in /var/log/pki-ca-install.log. >Before proceeding with the configuration, make sure >the firewall settings of this machine permit proper >access to this subsystem. > >Please start the configuration by accessing: > >https://ipa.atgreen.org:9445/ca/admin/console/config/login?pin=V31VceXpXHxgGHix4SIP > >After configuration, the server can be operated by the command: > > /sbin/service pki-cad restart pki-ca > > >2012-07-23T15:31:56Z DEBUG stderr= >2012-07-23T15:31:56Z DEBUG duration: 10 seconds >2012-07-23T15:31:56Z DEBUG [3/18]: configuring certificate server instance >2012-07-23T15:32:25Z DEBUG args=/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname ipa.atgreen.org -cs_port 9445 -client_certdb_dir /tmp/tmp-CTHPP0 -client_certdb_pwd XXXXXXXX -preop_pin V31VceXpXHxgGHix4SIP -domain_name IPA -admin_user admin -admin_email root@localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=ATGREEN.ORG -ldap_host ipa.atgreen.org -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=ATGREEN.ORG -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=ATGREEN.ORG -ca_server_cert_subject_name CN=ipa.atgreen.org,O=ATGREEN.ORG -ca_audit_signing_cert_subject_name CN=CA Audit,O=ATGREEN.ORG -ca_sign_cert_subject_name CN=Certificate Authority,O=ATGREEN.ORG -external false -clone false >2012-07-23T15:32:25Z DEBUG stdout=libpath=/usr/lib64 >####################################################################### >CRYPTO INIT WITH CERTDB:/tmp/tmp-CTHPP0 >tokenpwd:XXXXXXXX >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >in TestCertApprovalCallback.approve() >Peer cert details: > subject: CN=ipa.atgreen.org,O=2012-07-23 11:31:47 > issuer: CN=ipa.atgreen.org,O=2012-07-23 11:31:47 > serial: 0 >item 1 reason=-8156 depth=1 > cert details: > subject: CN=ipa.atgreen.org,O=2012-07-23 11:31:47 > issuer: CN=ipa.atgreen.org,O=2012-07-23 11:31:47 > serial: 0 >item 2 reason=-8172 depth=1 > cert details: > subject: CN=ipa.atgreen.org,O=2012-07-23 11:31:47 > issuer: CN=ipa.atgreen.org,O=2012-07-23 11:31:47 > serial: 0 >importing certificate. >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/login?pin=V31VceXpXHxgGHix4SIP&xml=true >RESPONSE STATUS: HTTP/1.1 302 Moved Temporarily >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Set-Cookie: JSESSIONID=F8A2488EA95BDA9BCEDCCC25A4764741; Path=/ca; Secure >RESPONSE HEADER: Location: https://ipa.atgreen.org:9445/ca/admin/console/config/wizard >RESPONSE HEADER: Content-Type: text/html;charset=UTF-8 >RESPONSE HEADER: Content-Length: 0 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:31:58 GMT >RESPONSE HEADER: Connection: keep-alive >xml returned: >cookie list: JSESSIONID=F8A2488EA95BDA9BCEDCCC25A4764741; Path=/ca; Secure >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/wizard?p=0&op=next&xml=true >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:31:58 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/modulepanel.vm</panel> > <res/> > <showApplyButton/> > <status>display</status> > <subpanelno>2</subpanelno> > <sms> > <Vector> > <Module> > <CommonName>NSS Internal PKCS #11 Module</CommonName> > <UserFriendlyName>NSS Internal PKCS #11 Module</UserFriendlyName> > <ImagePath>../img/clearpixel.gif</ImagePath> > </Module> > <Module> > <CommonName>nfast</CommonName> > <UserFriendlyName>nCipher's nFast Token Hardware Module</UserFriendlyName> > <ImagePath>../img/clearpixel.gif</ImagePath> > </Module> > <Module> > <CommonName>lunasa</CommonName> > <UserFriendlyName>SafeNet's LunaSA Token Hardware Module</UserFriendlyName> > <ImagePath>../img/clearpixel.gif</ImagePath> > </Module> > </Vector> > </sms> > <errorString/> > <size>19</size> > <title>Key Store</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <p>1</p> > <name>CA Setup Wizard</name> > <oms> > <Vector/> > </oms> > <defTok>Internal Key Storage Token</defTok> > <req/> > <panelname>module</panelname> ></response> >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/wizard?p=1&op=next&xml=true&choice=Internal+Key+Storage+Token >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:32:00 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <machineName>ipa.atgreen.org</machineName> > <panel>admin/console/config/securitydomainpanel.vm</panel> > <res/> > <showApplyButton/> > <initCommand>/sbin/service pki-cad</initCommand> > <sdomainName>Atgreen Domain</sdomainName> > <sdomainURL>https://ipa.atgreen.org:9445</sdomainURL> > <http_ee_port>80</http_ee_port> > <systemname>CA</systemname> > <title>Security Domain</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <sdomainAdminURL>https://ipa.atgreen.org:9445</sdomainAdminURL> > <check_existingdomain/> > <name>CA Setup Wizard</name> > <https_ee_port>443</https_ee_port> > <https_admin_port>443</https_admin_port> > <panelname>securitydomain</panelname> > <https_agent_port>443</https_agent_port> > <cstype>CA</cstype> > <instanceId><security_domain_instance_name></instanceId> > <updateStatus>success</updateStatus> > <errorString/> > <size>19</size> > <p>3</p> > <check_newdomain>checked</check_newdomain> > <req/> > <wizardname>CA Setup Wizard</wizardname> ></response> >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/wizard?sdomainURL=https%3A%2F%2Fipa.atgreen.org%3A9445&sdomainName=IPA&choice=newdomain&p=3&op=next&xml=true >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:32:00 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <machineName>ipa.atgreen.org</machineName> > <panel>admin/console/config/createsubsystempanel.vm</panel> > <res/> > <showApplyButton/> > <disableClone>true</disableClone> > <systemname>CA</systemname> > <title>Subsystem Type</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <check_clonesubsystem/> > <name>CA Setup Wizard</name> > <https_ee_port>443</https_ee_port> > <https_admin_port>443</https_admin_port> > <fullsystemname>Certificate Authority</fullsystemname> > <http_port>80</http_port> > <panelname>subsystem</panelname> > <https_agent_port>443</https_agent_port> > <cstype>CA</cstype> > <check_newsubsystem>checked</check_newsubsystem> > <urls> > <Vector/> > </urls> > <subsystemName>Certificate Authority</subsystemName> > <updateStatus>success</updateStatus> > <errorString/> > <size>19</size> > <p>5</p> > <req/> > <wizardname>CA Setup Wizard</wizardname> ></response> >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/wizard?p=5&op=next&xml=true&choice=newsubsystem&subsystemName=pki-cad >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:32:00 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/hierarchypanel.vm</panel> > <res/> > <showApplyButton/> > <check_root>checked</check_root> > <updateStatus>success</updateStatus> > <errorString/> > <size>19</size> > <title>PKI Hierarchy</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <name>CA Setup Wizard</name> > <p>8</p> > <req/> > <check_join/> > <panelname>cahierarchy</panelname> ></response> >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/wizard?p=8&op=next&xml=true&choice=root >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:32:00 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/databasepanel.vm</panel> > <res/> > <clone>new</clone> > <bindpwd>(sensitive)</bindpwd> > <showApplyButton/> > <portStr>389</portStr> > <cloneStartTLS>off</cloneStartTLS> > <updateStatus>success</updateStatus> > <hostname>localhost</hostname> > <errorString/> > <database>ipa.atgreen.org-pki-ca</database> > <binddn>cn=Directory Manager</binddn> > <size>19</size> > <firsttime>true</firsttime> > <title>Internal Database</title> > <secureConn>off</secureConn> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <p>9</p> > <name>CA Setup Wizard</name> > <req/> > <basedn>dc=ipa.atgreen.org-pki-ca</basedn> > <panelname>database</panelname> ></response> >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/wizard?p=9&op=next&xml=true&host=ipa.atgreen.org&port=7389&binddn=cn%3DDirectory+Manager&__bindpwd=XXXXXXXX&basedn=o%3Dipaca&database=ipaca&display=%24displayStr >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:32:10 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/sizepanel.vm</panel> > <res/> > <ecclist>SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC</ecclist> > <portStr>7389</portStr> > <showApplyButton/> > <cloneStartTLS>off</cloneStartTLS> > <default_keysize>2048</default_keysize> > <firsttime>true</firsttime> > <title>Key Pairs</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <name>CA Setup Wizard</name> > <panelname>size</panelname> > <rsalist>SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA</rsalist> > <subsystemtype>ca</subsystemtype> > <bindpwd>(sensitive)</bindpwd> > <select>new</select> > <default_ecc_curvename>nistp521</default_ecc_curvename> > <updateStatus>success</updateStatus> > <hselect>root</hselect> > <hostname>ipa.atgreen.org</hostname> > <curvelist>nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</curvelist> > <database>ipaca</database> > <binddn>cn=Directory Manager</binddn> > <errorString/> > <size>19</size> > <show_signing>true</show_signing> > <secureConn>off</secureConn> > <certs> > <Vector> > <CertReqPair> > <Nickname>caSigningCert cert-pki-ca</Nickname> > <Tokenname>Internal Key Storage Token</Tokenname> > <Request/> > <Certificate/> > <Type/> > <DN/> > <CertPP/> > <KeyOption>default</KeyOption> > </CertReqPair> > <CertReqPair> > <Nickname>ocspSigningCert cert-pki-ca</Nickname> > <Tokenname>Internal Key Storage Token</Tokenname> > <Request/> > <Certificate/> > <Type/> > <DN/> > <CertPP/> > <KeyOption>default</KeyOption> > </CertReqPair> > <CertReqPair> > <Nickname>Server-Cert cert-pki-ca</Nickname> > <Tokenname>Internal Key Storage Token</Tokenname> > <Request/> > <Certificate/> > <Type/> > <DN/> > <CertPP/> > <KeyOption>default</KeyOption> > </CertReqPair> > <CertReqPair> > <Nickname>subsystemCert cert-pki-ca</Nickname> > <Tokenname>Internal Key Storage Token</Tokenname> > <Request/> > <Certificate/> > <Type/> > <DN/> > <CertPP/> > <KeyOption>default</KeyOption> > </CertReqPair> > <CertReqPair> > <Nickname>auditSigningCert cert-pki-ca</Nickname> > <Tokenname>Internal Key Storage Token</Tokenname> > <Request/> > <Certificate/> > <Type/> > <DN/> > <CertPP/> > <KeyOption>default</KeyOption> > </CertReqPair> > </Vector> > </certs> > <p>10</p> > <basedn>o=ipaca</basedn> > <req/> ></response> >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/wizard?p=10&op=next&xml=true&subsystem_custom_size=2048&subsystem_custom_curvename=nistp256&subsystem_keytype=rsa&subsystem_choice=custom&sslserver_custom_size=2048&sslserver_custom_curvename=nistp256&sslserver_keytype=rsa&sslserver_choice=custom&signing_custom_size=2048&signing_custom_curvename=nistp256&signing_keytype=rsa&signing_choice=custom&signing_keyalgorithm=SHA256withRSA&signing_signingalgorithm=SHA256withRSA&ocsp_signing_custom_size=2048&ocsp_signing_custom_curvename=nistp256&ocsp_signing_keytype=rsa&ocsp_signing_choice=custom&ocsp_signing_signingalgorithm=SHA256withRSA&audit_signing_custom_size=2048&audit_signing_custom_curvename=nistp256&audit_signing_keytype=rsa&audit_signing_choice=custom&custom_size=2048&custom_curvename=nistp256&keytype=rsa&choice=custom&signingalgorithm=SHA256withRSA&keyalgorithm=SHA256withRSA >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:32:13 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/namepanel.vm</panel> > <res/> > <showApplyButton/> > <select>new</select> > <urls> > <Vector>External CA</Vector> > </urls> > <updateStatus>success</updateStatus> > <isRoot>true</isRoot> > <errorString/> > <size>19</size> > <firsttime>true</firsttime> > <title>Subject Names</title> > <certs> > <Vector> > <CertReqPair> > <Nickname>caSigningCert cert-pki-ca</Nickname> > <Tokenname>Internal Key Storage Token</Tokenname> > <Request/> > <Certificate/> > <Type>selfsign</Type> > <DN>CN=Certificate Authority,OU=pki-ca,O=IPA</DN> > <CertPP/> > <KeyOption/> > </CertReqPair> > <CertReqPair> > <Nickname>ocspSigningCert cert-pki-ca</Nickname> > <Tokenname>Internal Key Storage Token</Tokenname> > <Request/> > <Certificate/> > <Type>local</Type> > <DN>CN=OCSP Signing Certificate,OU=pki-ca,O=IPA</DN> > <CertPP/> > <KeyOption/> > </CertReqPair> > <CertReqPair> > <Nickname>Server-Cert cert-pki-ca</Nickname> > <Tokenname>Internal Key Storage Token</Tokenname> > <Request/> > <Certificate/> > <Type>local</Type> > <DN>CN=ipa.atgreen.org,OU=pki-ca,O=IPA</DN> > <CertPP/> > <KeyOption/> > </CertReqPair> > <CertReqPair> > <Nickname>subsystemCert cert-pki-ca</Nickname> > <Tokenname>Internal Key Storage Token</Tokenname> > <Request/> > <Certificate/> > <Type>local</Type> > <DN>CN=CA Subsystem Certificate,OU=pki-ca,O=IPA</DN> > <CertPP/> > <KeyOption/> > </CertReqPair> > <CertReqPair> > <Nickname>auditSigningCert cert-pki-ca</Nickname> > <Tokenname>Internal Key Storage Token</Tokenname> > <Request/> > <Certificate/> > <Type>local</Type> > <DN>CN=CA Audit Signing Certificate,OU=pki-ca,O=IPA</DN> > <CertPP/> > <KeyOption/> > </CertReqPair> > </Vector> > </certs> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <p>11</p> > <name>CA Setup Wizard</name> > <req/> > <panelname>subjectname</panelname> ></response> >tag=DN value=CN=Certificate Authority,OU=pki-ca,O=IPA >tag=DN value=CN=OCSP Signing Certificate,OU=pki-ca,O=IPA >tag=DN value=CN=ipa.atgreen.org,OU=pki-ca,O=IPA >tag=DN value=CN=CA Subsystem Certificate,OU=pki-ca,O=IPA >tag=DN value=CN=CA Audit Signing Certificate,OU=pki-ca,O=IPA >default: ca_cert_name=CN=Certificate Authority,OU=pki-ca,O=IPA >default: ocsp_cert_name=CN=OCSP Signing Certificate,OU=pki-ca,O=IPA >default: ca_subsystem_cert_name=CN=CA Subsystem Certificate,OU=pki-ca,O=IPA >default: ca_audit_signing_cert_name=CN=CA Audit Signing Certificate,OU=pki-ca,O=IPA >default: server_cert_name=CN=ipa.atgreen.org,OU=pki-ca,O=IPA >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/wizard?p=11&op=next&xml=true&subsystem=CN%3DCA+Subsystem%2CO%3DATGREEN.ORG&ocsp_signing=CN%3DOCSP+Subsystem%2CO%3DATGREEN.ORG&signing=CN%3DCertificate+Authority%2CO%3DATGREEN.ORG&sslserver=CN%3Dipa.atgreen.org%2CO%3DATGREEN.ORG&audit_signing=CN%3DCA+Audit%2CO%3DATGREEN.ORG&urls=0 >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:32:21 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/certrequestpanel.vm</panel> > <res/> > <showApplyButton/> > <reqscerts> > <Vector> > <CertReqPair> > <Nickname>caSigningCert cert-pki-ca</Nickname> > <Tokenname>Internal Key Storage Token</Tokenname> > <Request>-----BEGIN CERTIFICATE REQUEST----- >MIICezCCAWMCAQAwNjEUMBIGA1UEChMLQVRHUkVFTi5PUkcxHjAcBgNVBAMTFUNlcnRpZmljYXRl >IEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjimwXevc4vSkN/m5uB >aWqyt1xT6y3dXD6K9+XFXvSPiLGw2PnRmariHATkEeHP1wRKk64POK4YUp3b0yfXCnsC/QkleA6I >cOVL2K7gUW0YvucmqAQP31J0hLChfFiCsJe+1EDeGPAV8A6om384lt99z6jdJEQkofqAt42Kyiaz >0uTIyhbD8NAdGQGLF7HBdI2BUk9wnzXwpVdMMW8Diytd/pIzhdSkCAhjS25nCMTBiDGSpgvoPgVc >j927npl9zu1xYzhmw/E/8v/93WSjj9Pwl9uUUng3dHqdsb/PO4wtcKEYqQ8JQXkFFtawaFeeS9pe >885co527lnR1CztsCqUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBFyYGNH5lTxAX7txANq7sU >ffvD/jkTBwqWjvkGDVXtybLgWtgcGsBUyv1nh3h7U2XbGvf/PbhZHHDvUBKhUql1Y9Bp7sWfILIj >65jpgggeuEFrcwQiaSyXO1MB9gl7vZEUbWpxz3fSZVcd/DhO/EtkRCe6R33W4ujKRAR1B6cQnh0e >otLUInQ2fnrjdQPttJyFtN8B3th2aAQ7xDCnGTcsRFgvEJJUL8Q93Bj99etNjz1ytad0vcQiUEih >OR9SY/F82Z9tRTN74vxyhdS+2I9CGsAahTJu5SHk5DG+QeFKFVZW3AG9A+bjzaSchIARSj8wsWTO >BCFaFOctWnG3VUhv >-----END CERTIFICATE REQUEST-----</Request> > <Certificate>-----BEGIN CERTIFICATE----- >MIIDizCCAnOgAwIBAgIBATANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe >MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxM1oXDTIwMDcyMzE1 >MzIxM1owNjEUMBIGA1UEChMLQVRHUkVFTi5PUkcxHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhv >cml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjimwXevc4vSkN/m5uBaWqyt1xT >6y3dXD6K9+XFXvSPiLGw2PnRmariHATkEeHP1wRKk64POK4YUp3b0yfXCnsC/QkleA6IcOVL2K7g >UW0YvucmqAQP31J0hLChfFiCsJe+1EDeGPAV8A6om384lt99z6jdJEQkofqAt42Kyiaz0uTIyhbD >8NAdGQGLF7HBdI2BUk9wnzXwpVdMMW8Diytd/pIzhdSkCAhjS25nCMTBiDGSpgvoPgVcj927npl9 >zu1xYzhmw/E/8v/93WSjj9Pwl9uUUng3dHqdsb/PO4wtcKEYqQ8JQXkFFtawaFeeS9pe885co527 >lnR1CztsCqUCAwEAAaOBozCBoDAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jAPBgNV >HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjAdBgNVHQ4EFgQUWZ2ujRkgSEb0LuRba+8LQyNu >CtowPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vaXBhLmF0Z3JlZW4ub3JnOjgw >L2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBAEq4CMeDJaGOWHrXcPs/ntEuZwFo17oybeLtY15T >FSSOP36CduWnwsrdpAWIE4K+JBAbQJUu3OrEBZ0yJaRzQmN8VwYhq8TcyLvtQykOYueYbnv0GdkA >XaSxs6ShiEZZ7syME3WXXoOOS7I6BkZZxnMljGT6T9n7z9HCtOU5uvJQzkTp9GZuft2mn/15Y3N7 >Qn5wo7qMaNwYeXZZSIbWTTVIYH9InlktXCZCLPCvgA+pc4Cof03TzbYNetNiEiY0ZH8GrbNNbRIZ >Y8Op+eySXIcStwTcM8rvV/eMFTwUgMdo+wW4KP/+HW6WOH3J+n+Wt89VGCkwmJKsxm/sAgFT2dA= >-----END CERTIFICATE-----</Certificate> > <Type>selfsign</Type> > <DN>CN=Certificate Authority,O=ATGREEN.ORG</DN> > <CertPP> Certificate: > Data: > Version: v3 > Serial Number: 0x1 > Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 > Issuer: CN=Certificate Authority,O=ATGREEN.ORG > Validity: > Not Before: Monday, July 23, 2012 11:32:13 AM EDT America/Toronto > Not After: Thursday, July 23, 2020 11:32:13 AM EDT America/Toronto > Subject: CN=Certificate Authority,O=ATGREEN.ORG > Subject Public Key Info: > Algorithm: RSA - 1.2.840.113549.1.1.1 > Public Key: > Exponent: 65537 > Public Key Modulus: (2048 bits) : > 98:E2:9B:05:DE:BD:CE:2F:4A:43:7F:9B:9B:81:69:6A: > B2:B7:5C:53:EB:2D:DD:5C:3E:8A:F7:E5:C5:5E:F4:8F: > 88:B1:B0:D8:F9:D1:99:AA:E2:1C:04:E4:11:E1:CF:D7: > 04:4A:93:AE:0F:38:AE:18:52:9D:DB:D3:27:D7:0A:7B: > 02:FD:09:25:78:0E:88:70:E5:4B:D8:AE:E0:51:6D:18: > BE:E7:26:A8:04:0F:DF:52:74:84:B0:A1:7C:58:82:B0: > 97:BE:D4:40:DE:18:F0:15:F0:0E:A8:9B:7F:38:96:DF: > 7D:CF:A8:DD:24:44:24:A1:FA:80:B7:8D:8A:CA:26:B3: > D2:E4:C8:CA:16:C3:F0:D0:1D:19:01:8B:17:B1:C1:74: > 8D:81:52:4F:70:9F:35:F0:A5:57:4C:31:6F:03:8B:2B: > 5D:FE:92:33:85:D4:A4:08:08:63:4B:6E:67:08:C4:C1: > 88:31:92:A6:0B:E8:3E:05:5C:8F:DD:BB:9E:99:7D:CE: > ED:71:63:38:66:C3:F1:3F:F2:FF:FD:DD:64:A3:8F:D3: > F0:97:DB:94:52:78:37:74:7A:9D:B1:BF:CF:3B:8C:2D: > 70:A1:18:A9:0F:09:41:79:05:16:D6:B0:68:57:9E:4B: > DA:5E:F3:CE:5C:A3:9D:BB:96:74:75:0B:3B:6C:0A:A5 > Extensions: > Identifier: Authority Key Identifier - 2.5.29.35 > Critical: no > Key Identifier: > 59:9D:AE:8D:19:20:48:46:F4:2E:E4:5B:6B:EF:0B:43: > 23:6E:0A:DA > Identifier: Basic Constraints - 2.5.29.19 > Critical: yes > Is CA: yes > Path Length Constraint: UNLIMITED > Identifier: Key Usage: - 2.5.29.15 > Critical: yes > Key Usage: > Digital Signature > Non Repudiation > Key CertSign > Crl Sign > Identifier: Subject Key Identifier - 2.5.29.14 > Critical: no > Key Identifier: > 59:9D:AE:8D:19:20:48:46:F4:2E:E4:5B:6B:EF:0B:43: > 23:6E:0A:DA > Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1 > Critical: no > Access Description: > Method #0: ocsp > Location #0: URIName: http://ipa.atgreen.org:80/ca/ocsp > Signature: > Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 > Signature: > 4A:B8:08:C7:83:25:A1:8E:58:7A:D7:70:FB:3F:9E:D1: > 2E:67:01:68:D7:BA:32:6D:E2:ED:63:5E:53:15:24:8E: > 3F:7E:82:76:E5:A7:C2:CA:DD:A4:05:88:13:82:BE:24: > 10:1B:40:95:2E:DC:EA:C4:05:9D:32:25:A4:73:42:63: > 7C:57:06:21:AB:C4:DC:C8:BB:ED:43:29:0E:62:E7:98: > 6E:7B:F4:19:D9:00:5D:A4:B1:B3:A4:A1:88:46:59:EE: > CC:8C:13:75:97:5E:83:8E:4B:B2:3A:06:46:59:C6:73: > 25:8C:64:FA:4F:D9:FB:CF:D1:C2:B4:E5:39:BA:F2:50: > CE:44:E9:F4:66:6E:7E:DD:A6:9F:FD:79:63:73:7B:42: > 7E:70:A3:BA:8C:68:DC:18:79:76:59:48:86:D6:4D:35: > 48:60:7F:48:9E:59:2D:5C:26:42:2C:F0:AF:80:0F:A9: > 73:80:A8:7F:4D:D3:CD:B6:0D:7A:D3:62:12:26:34:64: > 7F:06:AD:B3:4D:6D:12:19:63:C3:A9:F9:EC:92:5C:87: > 12:B7:04:DC:33:CA:EF:57:F7:8C:15:3C:14:80:C7:68: > FB:05:B8:28:FF:FE:1D:6E:96:38:7D:C9:FA:7F:96:B7: > CF:55:18:29:30:98:92:AC:C6:6F:EC:02:01:53:D9:D0 > FingerPrint > MD2: > 63:39:68:95:82:C3:57:4D:A7:71:3F:11:D1:F1:86:7C > MD5: > 05:0F:D0:B5:89:92:35:6B:96:15:E8:37:2C:05:43:EA > SHA1: > 37:DD:B6:35:F4:83:12:BF:A2:79:5B:DF:C5:4C:A6:CC: > DF:94:3D:A9 > SHA256: > 55:41:5D:D3:CE:98:58:BE:8D:B4:6C:51:D8:8C:C5:9A: > E9:D4:AC:14:9E:AA:1B:0B:11:9B:AC:77:8C:21:C1:E7 > SHA512: > FB:F3:99:85:B8:F1:85:0F:53:3B:35:D7:71:AC:D2:21: > 58:4A:8D:90:F6:53:F1:00:D4:F4:3B:7B:FB:5D:E9:D2: > C6:19:6A:D1:9F:39:3E:1E:43:34:F8:B6:32:97:26:B6: > 47:BE:35:96:D0:2F:CD:A7:1B:1A:FB:50:CA:AC:19:48 ></CertPP> > <KeyOption/> > </CertReqPair> > <CertReqPair> > <Nickname>ocspSigningCert cert-pki-ca</Nickname> > <Tokenname>Internal Key Storage Token</Tokenname> > <Request>-----BEGIN CERTIFICATE REQUEST----- >MIICdDCCAVwCAQAwLzEUMBIGA1UEChMLQVRHUkVFTi5PUkcxFzAVBgNVBAMTDk9DU1AgU3Vic3lz >dGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArktQnA0cjHwWVTfhzlw8fCvz1VbU >b5uH4GEVc/0+w20h0Tr88wUVjz5nEL/NC1SW3JitUkPglQh1zKG+XyRGe+s8llnSi5NY9aSMJ8Cp >2OXDYFA6S4RgfYW/6JW5lOUzC/UtPRM0OZcSNLzTjRT4RfUuQWl3fXEMJVmLfgxrug9ydWEOM40U >fJxjRRMdr1MAHhaL+Wo+G2+svb5m2rSbNMWvkfuP/nqo4id29N8V5XOvyA/uLv6mBC+YbNRAGKSR >UqFSznUt4EknLQnNLrLaaFYMkECzQUlwYsFUsJixMqXfKKf4wLlDBMdrBjJx3yAvHRB/ItSH8iwW >jYD8nRpYnQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAECecS4gnpWs0WHFLQgVwnfPEHX5Ar31 >J57XtfP6JOK+vRjzltRMxNzSoXbnL06G7kEPvthutMqUEcGg6tJwZ+lorZq7Ugt57PMJtTWVjjvy >rNeMDxu0MBrSPjoXvzrA7jyTY4gZrxjMmCrtajIUNNue0PM/n+inWkSUqRJ+g118G7d9BcR3qeyp >pcpMJoBHRVakXVfPVtmxdDEywko4Q782ewI5puAbIMSjrDxbFDi7FBow3bXr6vENvpQqFiZ04Z5y >JuJ50JHCBRBKsTwH/cFAVtr5yFO1WZ2LH1k+j4ZCLVfxKtip4EYIyPAVMpaTAPt4FK2J8fQNQ//A >oWAw9Cw= >-----END CERTIFICATE REQUEST-----</Request> > <Certificate>-----BEGIN CERTIFICATE----- >MIIDaTCCAlGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe >MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxOFoXDTE0MDcxMzE1 >MzIxOFowLzEUMBIGA1UEChMLQVRHUkVFTi5PUkcxFzAVBgNVBAMTDk9DU1AgU3Vic3lzdGVtMIIB >IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArktQnA0cjHwWVTfhzlw8fCvz1VbUb5uH4GEV >c/0+w20h0Tr88wUVjz5nEL/NC1SW3JitUkPglQh1zKG+XyRGe+s8llnSi5NY9aSMJ8Cp2OXDYFA6 >S4RgfYW/6JW5lOUzC/UtPRM0OZcSNLzTjRT4RfUuQWl3fXEMJVmLfgxrug9ydWEOM40UfJxjRRMd >r1MAHhaL+Wo+G2+svb5m2rSbNMWvkfuP/nqo4id29N8V5XOvyA/uLv6mBC+YbNRAGKSRUqFSznUt >4EknLQnNLrLaaFYMkECzQUlwYsFUsJixMqXfKKf4wLlDBMdrBjJx3yAvHRB/ItSH8iwWjYD8nRpY >nQIDAQABo4GIMIGFMB8GA1UdIwQYMBaAFFmdro0ZIEhG9C7kW2vvC0MjbgraMA4GA1UdDwEB/wQE >AwIBxjA9BggrBgEFBQcBAQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6Ly9pcGEuYXRncmVlbi5vcmc6 >ODAvY2Evb2NzcDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAQEAg52KKbdm >jLZLKMfG/I7GwzT1mBCSWKNEB0YAdg06pTjJZvp02Y63r5lVLz/jRevb3YfojE0J+3WrfLyw7Izx >rQaYctOE8AJY0IdX0EDl8tJy74moJXsnNWOBsUfTevLlKbC3NgD92qNXlGxq1+U06lY14eBGD0ww >Ojhqdb2MQ0BsZT5ReYCXmwfuejPMzSqAh7ic7e9/YgMixvDuG+oi1Fl8oJ3n+rQz2M8uBDH8Yl88 >ey0W1d0nbDkysNxJ5c/M8iawDkat3Ab9xxmye1bm6eu9/w3XQXA1hOFSNgwA/ytG3g+2zePLTYGA >Lxfak/EAMmEQ3e0Petpy9tfcBQkQow== >-----END CERTIFICATE-----</Certificate> > <Type>local</Type> > <DN>CN=OCSP Subsystem,O=ATGREEN.ORG</DN> > <CertPP> Certificate: > Data: > Version: v3 > Serial Number: 0x2 > Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 > Issuer: CN=Certificate Authority,O=ATGREEN.ORG > Validity: > Not Before: Monday, July 23, 2012 11:32:18 AM EDT America/Toronto > Not After: Sunday, July 13, 2014 11:32:18 AM EDT America/Toronto > Subject: CN=OCSP Subsystem,O=ATGREEN.ORG > Subject Public Key Info: > Algorithm: RSA - 1.2.840.113549.1.1.1 > Public Key: > Exponent: 65537 > Public Key Modulus: (2048 bits) : > AE:4B:50:9C:0D:1C:8C:7C:16:55:37:E1:CE:5C:3C:7C: > 2B:F3:D5:56:D4:6F:9B:87:E0:61:15:73:FD:3E:C3:6D: > 21:D1:3A:FC:F3:05:15:8F:3E:67:10:BF:CD:0B:54:96: > DC:98:AD:52:43:E0:95:08:75:CC:A1:BE:5F:24:46:7B: > EB:3C:96:59:D2:8B:93:58:F5:A4:8C:27:C0:A9:D8:E5: > C3:60:50:3A:4B:84:60:7D:85:BF:E8:95:B9:94:E5:33: > 0B:F5:2D:3D:13:34:39:97:12:34:BC:D3:8D:14:F8:45: > F5:2E:41:69:77:7D:71:0C:25:59:8B:7E:0C:6B:BA:0F: > 72:75:61:0E:33:8D:14:7C:9C:63:45:13:1D:AF:53:00: > 1E:16:8B:F9:6A:3E:1B:6F:AC:BD:BE:66:DA:B4:9B:34: > C5:AF:91:FB:8F:FE:7A:A8:E2:27:76:F4:DF:15:E5:73: > AF:C8:0F:EE:2E:FE:A6:04:2F:98:6C:D4:40:18:A4:91: > 52:A1:52:CE:75:2D:E0:49:27:2D:09:CD:2E:B2:DA:68: > 56:0C:90:40:B3:41:49:70:62:C1:54:B0:98:B1:32:A5: > DF:28:A7:F8:C0:B9:43:04:C7:6B:06:32:71:DF:20:2F: > 1D:10:7F:22:D4:87:F2:2C:16:8D:80:FC:9D:1A:58:9D > Extensions: > Identifier: Authority Key Identifier - 2.5.29.35 > Critical: no > Key Identifier: > 59:9D:AE:8D:19:20:48:46:F4:2E:E4:5B:6B:EF:0B:43: > 23:6E:0A:DA > Identifier: Key Usage: - 2.5.29.15 > Critical: yes > Key Usage: > Digital Signature > Non Repudiation > Key CertSign > Crl Sign > Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1 > Critical: no > Access Description: > Method #0: ocsp > Location #0: URIName: http://ipa.atgreen.org:80/ca/ocsp > Identifier: Extended Key Usage: - 2.5.29.37 > Critical: no > Extended Key Usage: > OCSPSigning > Signature: > Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 > Signature: > 83:9D:8A:29:B7:66:8C:B6:4B:28:C7:C6:FC:8E:C6:C3: > 34:F5:98:10:92:58:A3:44:07:46:00:76:0D:3A:A5:38: > C9:66:FA:74:D9:8E:B7:AF:99:55:2F:3F:E3:45:EB:DB: > DD:87:E8:8C:4D:09:FB:75:AB:7C:BC:B0:EC:8C:F1:AD: > 06:98:72:D3:84:F0:02:58:D0:87:57:D0:40:E5:F2:D2: > 72:EF:89:A8:25:7B:27:35:63:81:B1:47:D3:7A:F2:E5: > 29:B0:B7:36:00:FD:DA:A3:57:94:6C:6A:D7:E5:34:EA: > 56:35:E1:E0:46:0F:4C:30:3A:38:6A:75:BD:8C:43:40: > 6C:65:3E:51:79:80:97:9B:07:EE:7A:33:CC:CD:2A:80: > 87:B8:9C:ED:EF:7F:62:03:22:C6:F0:EE:1B:EA:22:D4: > 59:7C:A0:9D:E7:FA:B4:33:D8:CF:2E:04:31:FC:62:5F: > 3C:7B:2D:16:D5:DD:27:6C:39:32:B0:DC:49:E5:CF:CC: > F2:26:B0:0E:46:AD:DC:06:FD:C7:19:B2:7B:56:E6:E9: > EB:BD:FF:0D:D7:41:70:35:84:E1:52:36:0C:00:FF:2B: > 46:DE:0F:B6:CD:E3:CB:4D:81:80:2F:17:DA:93:F1:00: > 32:61:10:DD:ED:0F:7A:DA:72:F6:D7:DC:05:09:10:A3 > FingerPrint > MD2: > DE:87:D1:AD:74:23:72:E2:2E:B6:6A:35:E8:9A:EB:7C > MD5: > 68:A5:02:AE:D8:31:4B:C8:22:F5:F4:EB:1F:7E:9F:DA > SHA1: > 6C:48:3B:74:BB:05:E1:4A:DE:98:64:78:80:99:ED:EF: > 9D:9F:9A:60 > SHA256: > C7:9C:44:EC:7E:87:10:D1:33:0E:4B:B4:1D:E2:0A:C7: > 64:C6:5B:F8:0F:EB:19:CA:21:87:B5:CD:91:CA:29:62 > SHA512: > 27:9B:AB:F3:DE:62:3C:47:5B:A0:B1:BF:6E:0B:DA:72: > A2:7F:2D:49:E9:39:DA:D2:66:B5:4D:5A:06:95:1A:8D: > B8:8D:CF:E3:EF:0C:8C:5E:34:33:26:AE:1A:29:72:A4: > 92:13:17:ED:C5:15:FB:5F:BB:DC:86:B6:F7:8C:C7:B3 ></CertPP> > <KeyOption/> > </CertReqPair> > <CertReqPair> > <Nickname>Server-Cert cert-pki-ca</Nickname> > <Tokenname>Internal Key Storage Token</Tokenname> > <Request>-----BEGIN CERTIFICATE REQUEST----- >MIICdTCCAV0CAQAwMDEUMBIGA1UEChMLQVRHUkVFTi5PUkcxGDAWBgNVBAMTD2lwYS5hdGdyZWVu >Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMc4vBbzY0wp9reXo25mXgT9rvYj >7XHl+D8cxJPyw63mW5GObBDdn499NTMi1TECVCjSohr3gl7uUy5RBjWnS/0uVPVquZJDNApgrrZP >4o9fklopW25/edU0OXl0FaiX3br0vUka7jwzGfl4HNAzhBOLD1nukeSgB/rY9QUHiHcj45A8LqqN >7C3u9hJKAlndWp0ia/QqDIar0ZLTlufcfeJZNDEUKa7lPZMLDL7DQ9oVMPo3xdLjIv1DQLgTyGET >8XMoGiwXMeDajnu3heqZYFiwwF4b1IUahjShlA9LAtjA5UKAYV7btfD6E2RE8wgaIfBgpOhs3W0m >WX35nE3AackCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBEZ5/jc54xcPfSn8RbJOtMbeN5dyU9 >Axv/ETlE9W9e2vc2yyFraVitVUrxt1DZVvsRgerUhiIap0o9tKW187kPTypA4BZmflX/KeFU3aet >Hqi1lHYs9Ma0Avk0WtqDDqtEGHH68xBZQ/QuPcK9aGpKPYDKXiExrt4ML8GiNQx0oagQ9w+8588g >6Dk8m691uNgBEaCnM2u1Z6KCkqqu9R57t+U2bXnbVTlO6Z4oMY1BhwBwASAyLzZ/SVnMz8YK/ghP >PMNBJCx1vuI15mcJga6om0vHXmY9DQKMATNz5hacV0+AsLbV3vO10eTXzax7Sdjrdy15/pubP1HN >fquwi3Zh >-----END CERTIFICATE REQUEST-----</Request> > <Certificate>-----BEGIN CERTIFICATE----- >MIIDajCCAlKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe >MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxOFoXDTE0MDcxMzE1 >MzIxOFowMDEUMBIGA1UEChMLQVRHUkVFTi5PUkcxGDAWBgNVBAMTD2lwYS5hdGdyZWVuLm9yZzCC >ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMc4vBbzY0wp9reXo25mXgT9rvYj7XHl+D8c >xJPyw63mW5GObBDdn499NTMi1TECVCjSohr3gl7uUy5RBjWnS/0uVPVquZJDNApgrrZP4o9fklop >W25/edU0OXl0FaiX3br0vUka7jwzGfl4HNAzhBOLD1nukeSgB/rY9QUHiHcj45A8LqqN7C3u9hJK >AlndWp0ia/QqDIar0ZLTlufcfeJZNDEUKa7lPZMLDL7DQ9oVMPo3xdLjIv1DQLgTyGET8XMoGiwX >MeDajnu3heqZYFiwwF4b1IUahjShlA9LAtjA5UKAYV7btfD6E2RE8wgaIfBgpOhs3W0mWX35nE3A >ackCAwEAAaOBiDCBhTAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jA9BggrBgEFBQcB >AQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6Ly9pcGEuYXRncmVlbi5vcmc6ODAvY2Evb2NzcDAOBgNV >HQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBABQsvaQe >mWLgwT09jzgX40x7LZDnF63KH2tZaplhITuOjO4AjnuqAAsP2wYdzPvKl7hrhxdRszPdcre2yjrI >GItJhxsqeB+pP9mh9HkadQkFYMplkmMvfI79Ne2ZwN48FcN5q9CO1oP2LPiujccZHYSmuPj6KKJI >eWlYev8RiusT/v5sDk5UKkCm1MEVoR4xIZ9Xua0C+N+ZEiOrr+jg4OfJv+zqC2NX4+BGus1mf2ag >7d9waB52bmDZsr/dNSuco3mXSZPaRmcPE57/ALtOKpDye5P5KG5vGenrtzRa64jzp7+rxI3mSueG >WjTF2O9vpp3Bx3+ARe3IKhMYaCXNHrk= >-----END CERTIFICATE-----</Certificate> > <Type>local</Type> > <DN>CN=ipa.atgreen.org,O=ATGREEN.ORG</DN> > <CertPP> Certificate: > Data: > Version: v3 > Serial Number: 0x3 > Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 > Issuer: CN=Certificate Authority,O=ATGREEN.ORG > Validity: > Not Before: Monday, July 23, 2012 11:32:18 AM EDT America/Toronto > Not After: Sunday, July 13, 2014 11:32:18 AM EDT America/Toronto > Subject: CN=ipa.atgreen.org,O=ATGREEN.ORG > Subject Public Key Info: > Algorithm: RSA - 1.2.840.113549.1.1.1 > Public Key: > Exponent: 65537 > Public Key Modulus: (2048 bits) : > C7:38:BC:16:F3:63:4C:29:F6:B7:97:A3:6E:66:5E:04: > FD:AE:F6:23:ED:71:E5:F8:3F:1C:C4:93:F2:C3:AD:E6: > 5B:91:8E:6C:10:DD:9F:8F:7D:35:33:22:D5:31:02:54: > 28:D2:A2:1A:F7:82:5E:EE:53:2E:51:06:35:A7:4B:FD: > 2E:54:F5:6A:B9:92:43:34:0A:60:AE:B6:4F:E2:8F:5F: > 92:5A:29:5B:6E:7F:79:D5:34:39:79:74:15:A8:97:DD: > BA:F4:BD:49:1A:EE:3C:33:19:F9:78:1C:D0:33:84:13: > 8B:0F:59:EE:91:E4:A0:07:FA:D8:F5:05:07:88:77:23: > E3:90:3C:2E:AA:8D:EC:2D:EE:F6:12:4A:02:59:DD:5A: > 9D:22:6B:F4:2A:0C:86:AB:D1:92:D3:96:E7:DC:7D:E2: > 59:34:31:14:29:AE:E5:3D:93:0B:0C:BE:C3:43:DA:15: > 30:FA:37:C5:D2:E3:22:FD:43:40:B8:13:C8:61:13:F1: > 73:28:1A:2C:17:31:E0:DA:8E:7B:B7:85:EA:99:60:58: > B0:C0:5E:1B:D4:85:1A:86:34:A1:94:0F:4B:02:D8:C0: > E5:42:80:61:5E:DB:B5:F0:FA:13:64:44:F3:08:1A:21: > F0:60:A4:E8:6C:DD:6D:26:59:7D:F9:9C:4D:C0:69:C9 > Extensions: > Identifier: Authority Key Identifier - 2.5.29.35 > Critical: no > Key Identifier: > 59:9D:AE:8D:19:20:48:46:F4:2E:E4:5B:6B:EF:0B:43: > 23:6E:0A:DA > Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1 > Critical: no > Access Description: > Method #0: ocsp > Location #0: URIName: http://ipa.atgreen.org:80/ca/ocsp > Identifier: Key Usage: - 2.5.29.15 > Critical: yes > Key Usage: > Digital Signature > Non Repudiation > Key Encipherment > Data Encipherment > Identifier: Extended Key Usage: - 2.5.29.37 > Critical: no > Extended Key Usage: > 1.3.6.1.5.5.7.3.1 > Signature: > Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 > Signature: > 14:2C:BD:A4:1E:99:62:E0:C1:3D:3D:8F:38:17:E3:4C: > 7B:2D:90:E7:17:AD:CA:1F:6B:59:6A:99:61:21:3B:8E: > 8C:EE:00:8E:7B:AA:00:0B:0F:DB:06:1D:CC:FB:CA:97: > B8:6B:87:17:51:B3:33:DD:72:B7:B6:CA:3A:C8:18:8B: > 49:87:1B:2A:78:1F:A9:3F:D9:A1:F4:79:1A:75:09:05: > 60:CA:65:92:63:2F:7C:8E:FD:35:ED:99:C0:DE:3C:15: > C3:79:AB:D0:8E:D6:83:F6:2C:F8:AE:8D:C7:19:1D:84: > A6:B8:F8:FA:28:A2:48:79:69:58:7A:FF:11:8A:EB:13: > FE:FE:6C:0E:4E:54:2A:40:A6:D4:C1:15:A1:1E:31:21: > 9F:57:B9:AD:02:F8:DF:99:12:23:AB:AF:E8:E0:E0:E7: > C9:BF:EC:EA:0B:63:57:E3:E0:46:BA:CD:66:7F:66:A0: > ED:DF:70:68:1E:76:6E:60:D9:B2:BF:DD:35:2B:9C:A3: > 79:97:49:93:DA:46:67:0F:13:9E:FF:00:BB:4E:2A:90: > F2:7B:93:F9:28:6E:6F:19:E9:EB:B7:34:5A:EB:88:F3: > A7:BF:AB:C4:8D:E6:4A:E7:86:5A:34:C5:D8:EF:6F:A6: > 9D:C1:C7:7F:80:45:ED:C8:2A:13:18:68:25:CD:1E:B9 > FingerPrint > MD2: > B4:34:42:37:B6:04:53:C4:66:D7:71:16:92:46:7E:38 > MD5: > 68:B8:8D:1B:EE:8F:06:EA:FC:99:26:1B:F7:94:B9:DB > SHA1: > 99:70:D3:4B:87:E2:A1:31:4A:01:29:BE:19:8C:00:18: > 9F:26:CD:C4 > SHA256: > 1B:E3:29:80:2A:94:93:C6:DF:1E:BC:FF:A7:95:E1:70: > D6:56:ED:5E:F1:DD:E5:5F:13:9C:43:F1:0C:94:D8:97 > SHA512: > 87:4D:24:75:49:04:9E:7D:33:88:25:97:9D:EE:59:5E: > 65:14:1C:28:86:6F:7B:66:FD:8C:8A:EF:F3:71:12:E1: > 91:C1:BC:53:4E:F0:22:2E:51:2D:CB:1D:5F:3A:10:40: > A1:B2:24:D9:00:65:0D:26:7E:6D:47:55:1C:70:AF:B2 ></CertPP> > <KeyOption/> > </CertReqPair> > <CertReqPair> > <Nickname>subsystemCert cert-pki-ca</Nickname> > <Tokenname>Internal Key Storage Token</Tokenname> > <Request>-----BEGIN CERTIFICATE REQUEST----- >MIICcjCCAVoCAQAwLTEUMBIGA1UEChMLQVRHUkVFTi5PUkcxFTATBgNVBAMTDENBIFN1YnN5c3Rl >bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCd4PSmNpQdn80j8LDKkyKD1ItF4ETb >7+Z4RDNOf1ZXRVOiBoKsfojpkML04fh7O2/I8DDNZCN6++4CQvCklksMY/Q3TMZhUepG0q25HRG/ >qGJ2z445iYXnNdfBhHIglypmsYKaJFfBLQmEK9j18NJFFiqWueXp2hh0GxF2AHzfswId5sKko7N1 >M2Pr1kklRH312wav+NdsknrJ0N8REkW1aVVLM9CVj/+0AtrdwquL4XSCtTKLUZFItlYC0umarn78 >VqgM1LpBBDL5vc4Cyn8+5FM7IA0d4N0Y7el2pyot9zFjUlPpdCZ0GhCnU38B8EfpH2B4wpbHGBcj >fM1DFK8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQChN70K0ZR8NcrKCfbFpFLJz2Jm/raKW9ry >cj1vJ4gD8WBM7rvWS69+OtubTRSE9AsbhfanXfua6x9vTW8e5HO2k/h6wJncdDhOL8ENtzFJZ1/z >KTLc8EX4dcKRaK+fUMTWEaBfzlinEnzMULpMMaSJDJkfuJiTum6Np8pP+C0HI7AcoJuEoGIPfhU0 >ueernJjKi0YrYMozps7P7gG82AK37t6iYetz2z+e5xubl1E2qAXcOe3HjAlTkcEvpuk05k+Xo6d2 >9dr9EsBjKHnURYmv8vzNaw1X7KbAOYmvGA5mG82tgDSoY1ZBfQXknOdkRZYO/oZfJMjmVfRE8xZP >21BB >-----END CERTIFICATE REQUEST-----</Request> > <Certificate>-----BEGIN CERTIFICATE----- >MIIDcTCCAlmgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe >MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxOVoXDTE0MDcxMzE1 >MzIxOVowLTEUMBIGA1UEChMLQVRHUkVFTi5PUkcxFTATBgNVBAMTDENBIFN1YnN5c3RlbTCCASIw >DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCd4PSmNpQdn80j8LDKkyKD1ItF4ETb7+Z4RDNO >f1ZXRVOiBoKsfojpkML04fh7O2/I8DDNZCN6++4CQvCklksMY/Q3TMZhUepG0q25HRG/qGJ2z445 >iYXnNdfBhHIglypmsYKaJFfBLQmEK9j18NJFFiqWueXp2hh0GxF2AHzfswId5sKko7N1M2Pr1kkl >RH312wav+NdsknrJ0N8REkW1aVVLM9CVj/+0AtrdwquL4XSCtTKLUZFItlYC0umarn78VqgM1LpB >BDL5vc4Cyn8+5FM7IA0d4N0Y7el2pyot9zFjUlPpdCZ0GhCnU38B8EfpH2B4wpbHGBcjfM1DFK8C >AwEAAaOBkjCBjzAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jA9BggrBgEFBQcBAQQx >MC8wLQYIKwYBBQUHMAGGIWh0dHA6Ly9pcGEuYXRncmVlbi5vcmc6ODAvY2Evb2NzcDAOBgNVHQ8B >Af8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IB >AQCUG8VHObYl0XUwSUHGNHZ/eh7RInzMX3o8MjsyJRepu+Wyo5cCH8iq+WZUALCMDNJJnZsPTxMO >D3B8Qc86/c4krVGcIcVwampeYp4ikAqcjst6meHbfcvE326q35Ho+GYp3tSOjKQiWy8gfYJPypuP >TFPkPGn58cgJmmua5e15AfNiowEMVi3xkVz1kEhPHgmg4jkW4Gk29uyTx6K7vrTPTD/2IEW0EL3v >saKNVeZbV94N0ZxV/lcr7wIiRyool4DKLitWUEwMnNLhOiI6/fmEaP53e0UhqDLvpcYG1fzIDAue >9pzPaZVNX8ryBGKJ1Btk1hohWkaLTehqHCfGgjMi >-----END CERTIFICATE-----</Certificate> > <Type>local</Type> > <DN>CN=CA Subsystem,O=ATGREEN.ORG</DN> > <CertPP> Certificate: > Data: > Version: v3 > Serial Number: 0x4 > Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 > Issuer: CN=Certificate Authority,O=ATGREEN.ORG > Validity: > Not Before: Monday, July 23, 2012 11:32:19 AM EDT America/Toronto > Not After: Sunday, July 13, 2014 11:32:19 AM EDT America/Toronto > Subject: CN=CA Subsystem,O=ATGREEN.ORG > Subject Public Key Info: > Algorithm: RSA - 1.2.840.113549.1.1.1 > Public Key: > Exponent: 65537 > Public Key Modulus: (2048 bits) : > D0:9D:E0:F4:A6:36:94:1D:9F:CD:23:F0:B0:CA:93:22: > 83:D4:8B:45:E0:44:DB:EF:E6:78:44:33:4E:7F:56:57: > 45:53:A2:06:82:AC:7E:88:E9:90:C2:F4:E1:F8:7B:3B: > 6F:C8:F0:30:CD:64:23:7A:FB:EE:02:42:F0:A4:96:4B: > 0C:63:F4:37:4C:C6:61:51:EA:46:D2:AD:B9:1D:11:BF: > A8:62:76:CF:8E:39:89:85:E7:35:D7:C1:84:72:20:97: > 2A:66:B1:82:9A:24:57:C1:2D:09:84:2B:D8:F5:F0:D2: > 45:16:2A:96:B9:E5:E9:DA:18:74:1B:11:76:00:7C:DF: > B3:02:1D:E6:C2:A4:A3:B3:75:33:63:EB:D6:49:25:44: > 7D:F5:DB:06:AF:F8:D7:6C:92:7A:C9:D0:DF:11:12:45: > B5:69:55:4B:33:D0:95:8F:FF:B4:02:DA:DD:C2:AB:8B: > E1:74:82:B5:32:8B:51:91:48:B6:56:02:D2:E9:9A:AE: > 7E:FC:56:A8:0C:D4:BA:41:04:32:F9:BD:CE:02:CA:7F: > 3E:E4:53:3B:20:0D:1D:E0:DD:18:ED:E9:76:A7:2A:2D: > F7:31:63:52:53:E9:74:26:74:1A:10:A7:53:7F:01:F0: > 47:E9:1F:60:78:C2:96:C7:18:17:23:7C:CD:43:14:AF > Extensions: > Identifier: Authority Key Identifier - 2.5.29.35 > Critical: no > Key Identifier: > 59:9D:AE:8D:19:20:48:46:F4:2E:E4:5B:6B:EF:0B:43: > 23:6E:0A:DA > Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1 > Critical: no > Access Description: > Method #0: ocsp > Location #0: URIName: http://ipa.atgreen.org:80/ca/ocsp > Identifier: Key Usage: - 2.5.29.15 > Critical: yes > Key Usage: > Digital Signature > Non Repudiation > Key Encipherment > Data Encipherment > Identifier: Extended Key Usage: - 2.5.29.37 > Critical: no > Extended Key Usage: > 1.3.6.1.5.5.7.3.1 > 1.3.6.1.5.5.7.3.2 > Signature: > Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 > Signature: > 94:1B:C5:47:39:B6:25:D1:75:30:49:41:C6:34:76:7F: > 7A:1E:D1:22:7C:CC:5F:7A:3C:32:3B:32:25:17:A9:BB: > E5:B2:A3:97:02:1F:C8:AA:F9:66:54:00:B0:8C:0C:D2: > 49:9D:9B:0F:4F:13:0E:0F:70:7C:41:CF:3A:FD:CE:24: > AD:51:9C:21:C5:70:6A:6A:5E:62:9E:22:90:0A:9C:8E: > CB:7A:99:E1:DB:7D:CB:C4:DF:6E:AA:DF:91:E8:F8:66: > 29:DE:D4:8E:8C:A4:22:5B:2F:20:7D:82:4F:CA:9B:8F: > 4C:53:E4:3C:69:F9:F1:C8:09:9A:6B:9A:E5:ED:79:01: > F3:62:A3:01:0C:56:2D:F1:91:5C:F5:90:48:4F:1E:09: > A0:E2:39:16:E0:69:36:F6:EC:93:C7:A2:BB:BE:B4:CF: > 4C:3F:F6:20:45:B4:10:BD:EF:B1:A2:8D:55:E6:5B:57: > DE:0D:D1:9C:55:FE:57:2B:EF:02:22:47:2A:28:97:80: > CA:2E:2B:56:50:4C:0C:9C:D2:E1:3A:22:3A:FD:F9:84: > 68:FE:77:7B:45:21:A8:32:EF:A5:C6:06:D5:FC:C8:0C: > 0B:9E:F6:9C:CF:69:95:4D:5F:CA:F2:04:62:89:D4:1B: > 64:D6:1A:21:5A:46:8B:4D:E8:6A:1C:27:C6:82:33:22 > FingerPrint > MD2: > A8:8F:A0:4D:64:D0:D2:BD:98:5F:49:0E:AD:A4:9B:F8 > MD5: > 2F:05:E4:BA:DE:C2:24:DE:BB:A3:B2:63:5B:FE:26:0B > SHA1: > 50:49:4F:DC:5C:05:83:DF:19:3B:13:36:85:14:19:07: > 92:30:E2:E4 > SHA256: > E4:07:AF:DA:43:5E:09:3C:0F:9E:53:13:B2:05:EA:02: > 7B:6F:71:1C:0D:E1:87:55:14:65:4E:78:D9:52:A9:94 > SHA512: > 1C:4F:AA:85:B3:BE:91:8B:A6:A7:A3:13:FE:79:2D:81: > A7:2D:12:EC:91:9F:27:28:2C:FD:70:D3:50:AA:24:68: > A1:E7:8B:6E:C0:EE:D8:C2:3D:73:DC:E2:BA:62:6E:D8: > 0E:94:B6:7F:06:AF:C6:A1:8C:2F:86:9D:30:FB:67:97 ></CertPP> > <KeyOption/> > </CertReqPair> > <CertReqPair> > <Nickname>auditSigningCert cert-pki-ca</Nickname> > <Tokenname>Internal Key Storage Token</Tokenname> > <Request>-----BEGIN CERTIFICATE REQUEST----- >MIICbjCCAVYCAQAwKTEUMBIGA1UEChMLQVRHUkVFTi5PUkcxETAPBgNVBAMTCENBIEF1ZGl0MIIB >IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArw6D4/SjLihiNm9XrDg7jF5lVJaU966dBzP2 >uM2GK8DuKN6jrwOSyqTKiQXoI0cjrPAzyBgXCznq+IZfF2WyY3oKQLD46rNY6hf83xzQpzwEUBk+ >175ljboJ9wEFUgr/5ZrbBa0hYbZmoFEPtX/XG3U6ykSOhB6nf+aK5/5bv9YXb10aoGSxyPRIoc5g >dBKTQsEPyHicqbIJe/rmXZ0bnMJxkxdCfEZ+8oLYSMYQyh1x7MnNZBFAOGJfQ/soc0GBBCp5tq+I >HSF5880SRwzm8CbCPVgoXePx54krC1W/gfWn2aaQRpDtvcVskCoP7GXKOsC78eiWtbQ4JwhrCkb3 >UQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBABBpb472bA27Jnat7ruhFM5NISRMWNbnOhuOkNfI >ztLv/BuXmeIg3YsxaEBSTsCLQZwg5p4I3BbddMslgyDig3FCECXt91roFw43fSQLgKysgXJGxBRX >W+tmGtJhqoFFYMwBnvVtK8Gko3zh5usn03Ec52Ry4QKw9GjS7hyhVqPfqvTTo8F0HJqMzwM1cPSm >seUOMQhKzNcJj9tJCYsLsvaTMx/l0I3+dKdrH1+1wQpFnj7WF/bvO3VfKdLxJVVrnyLjLJvhezdG >0IhCwHS2FPWJgSKdJUpFsRpHkunk2sDeARqFWXrpwM1LQ+PGK/C7J8wg8IoZ49lWj4zNG/0SdXE= >-----END CERTIFICATE REQUEST-----</Request> > <Certificate>-----BEGIN CERTIFICATE----- >MIIDTDCCAjSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe >MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIyMFoXDTE0MDcxMzE1 >MzIyMFowKTEUMBIGA1UEChMLQVRHUkVFTi5PUkcxETAPBgNVBAMTCENBIEF1ZGl0MIIBIjANBgkq >hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArw6D4/SjLihiNm9XrDg7jF5lVJaU966dBzP2uM2GK8Du >KN6jrwOSyqTKiQXoI0cjrPAzyBgXCznq+IZfF2WyY3oKQLD46rNY6hf83xzQpzwEUBk+175ljboJ >9wEFUgr/5ZrbBa0hYbZmoFEPtX/XG3U6ykSOhB6nf+aK5/5bv9YXb10aoGSxyPRIoc5gdBKTQsEP >yHicqbIJe/rmXZ0bnMJxkxdCfEZ+8oLYSMYQyh1x7MnNZBFAOGJfQ/soc0GBBCp5tq+IHSF5880S >Rwzm8CbCPVgoXePx54krC1W/gfWn2aaQRpDtvcVskCoP7GXKOsC78eiWtbQ4JwhrCkb3UQIDAQAB >o3IwcDAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jAOBgNVHQ8BAf8EBAMCBsAwPQYI >KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vaXBhLmF0Z3JlZW4ub3JnOjgwL2NhL29j >c3AwDQYJKoZIhvcNAQELBQADggEBAH57mCfQa3uY6ExdPDO3YLCYki6u9o4OoDlelW54U2XuJRO+ >u56tZLTk7yFjSj+72vubcY4ouzzP/Wdl1zIBkmYK3D7PJ6HhW4vxAko/CKkmQbGpxjnpAjYt2p9z >v8kS/0ORwNtHa2WnvDu1x6/BvnF+cTKKeD3CWkE9O1o2VYbTtu+Ayxd+9LTsllI9o/ZuSjPoUv9Y >1uC9TGOJGHo0cVlGkLfMvR+md4r+RnHq1+1e6t2+NnrE4C9kXLp47ucHrpXVF3tJ/agY3aRV+qJv >bs2Rpt5jvUJbqVPbK93ON5FcM3sYHqa7UND5RjbJxnw7tcwxoK/Cp7VLrpuJtFxtvH0= >-----END CERTIFICATE-----</Certificate> > <Type>local</Type> > <DN>CN=CA Audit,O=ATGREEN.ORG</DN> > <CertPP> Certificate: > Data: > Version: v3 > Serial Number: 0x5 > Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 > Issuer: CN=Certificate Authority,O=ATGREEN.ORG > Validity: > Not Before: Monday, July 23, 2012 11:32:20 AM EDT America/Toronto > Not After: Sunday, July 13, 2014 11:32:20 AM EDT America/Toronto > Subject: CN=CA Audit,O=ATGREEN.ORG > Subject Public Key Info: > Algorithm: RSA - 1.2.840.113549.1.1.1 > Public Key: > Exponent: 65537 > Public Key Modulus: (2048 bits) : > AF:0E:83:E3:F4:A3:2E:28:62:36:6F:57:AC:38:3B:8C: > 5E:65:54:96:94:F7:AE:9D:07:33:F6:B8:CD:86:2B:C0: > EE:28:DE:A3:AF:03:92:CA:A4:CA:89:05:E8:23:47:23: > AC:F0:33:C8:18:17:0B:39:EA:F8:86:5F:17:65:B2:63: > 7A:0A:40:B0:F8:EA:B3:58:EA:17:FC:DF:1C:D0:A7:3C: > 04:50:19:3E:D7:BE:65:8D:BA:09:F7:01:05:52:0A:FF: > E5:9A:DB:05:AD:21:61:B6:66:A0:51:0F:B5:7F:D7:1B: > 75:3A:CA:44:8E:84:1E:A7:7F:E6:8A:E7:FE:5B:BF:D6: > 17:6F:5D:1A:A0:64:B1:C8:F4:48:A1:CE:60:74:12:93: > 42:C1:0F:C8:78:9C:A9:B2:09:7B:FA:E6:5D:9D:1B:9C: > C2:71:93:17:42:7C:46:7E:F2:82:D8:48:C6:10:CA:1D: > 71:EC:C9:CD:64:11:40:38:62:5F:43:FB:28:73:41:81: > 04:2A:79:B6:AF:88:1D:21:79:F3:CD:12:47:0C:E6:F0: > 26:C2:3D:58:28:5D:E3:F1:E7:89:2B:0B:55:BF:81:F5: > A7:D9:A6:90:46:90:ED:BD:C5:6C:90:2A:0F:EC:65:CA: > 3A:C0:BB:F1:E8:96:B5:B4:38:27:08:6B:0A:46:F7:51 > Extensions: > Identifier: Authority Key Identifier - 2.5.29.35 > Critical: no > Key Identifier: > 59:9D:AE:8D:19:20:48:46:F4:2E:E4:5B:6B:EF:0B:43: > 23:6E:0A:DA > Identifier: Key Usage: - 2.5.29.15 > Critical: yes > Key Usage: > Digital Signature > Non Repudiation > Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1 > Critical: no > Access Description: > Method #0: ocsp > Location #0: URIName: http://ipa.atgreen.org:80/ca/ocsp > Signature: > Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 > Signature: > 7E:7B:98:27:D0:6B:7B:98:E8:4C:5D:3C:33:B7:60:B0: > 98:92:2E:AE:F6:8E:0E:A0:39:5E:95:6E:78:53:65:EE: > 25:13:BE:BB:9E:AD:64:B4:E4:EF:21:63:4A:3F:BB:DA: > FB:9B:71:8E:28:BB:3C:CF:FD:67:65:D7:32:01:92:66: > 0A:DC:3E:CF:27:A1:E1:5B:8B:F1:02:4A:3F:08:A9:26: > 41:B1:A9:C6:39:E9:02:36:2D:DA:9F:73:BF:C9:12:FF: > 43:91:C0:DB:47:6B:65:A7:BC:3B:B5:C7:AF:C1:BE:71: > 7E:71:32:8A:78:3D:C2:5A:41:3D:3B:5A:36:55:86:D3: > B6:EF:80:CB:17:7E:F4:B4:EC:96:52:3D:A3:F6:6E:4A: > 33:E8:52:FF:58:D6:E0:BD:4C:63:89:18:7A:34:71:59: > 46:90:B7:CC:BD:1F:A6:77:8A:FE:46:71:EA:D7:ED:5E: > EA:DD:BE:36:7A:C4:E0:2F:64:5C:BA:78:EE:E7:07:AE: > 95:D5:17:7B:49:FD:A8:18:DD:A4:55:FA:A2:6F:6E:CD: > 91:A6:DE:63:BD:42:5B:A9:53:DB:2B:DD:CE:37:91:5C: > 33:7B:18:1E:A6:BB:50:D0:F9:46:36:C9:C6:7C:3B:B5: > CC:31:A0:AF:C2:A7:B5:4B:AE:9B:89:B4:5C:6D:BC:7D > FingerPrint > MD2: > A5:AB:3E:7E:E3:FB:D5:A8:CC:B8:C1:A0:7D:CA:6D:72 > MD5: > 8C:11:3A:EB:F7:86:53:1A:EC:68:2F:61:EC:64:23:50 > SHA1: > 1C:1E:23:CF:AC:3E:33:01:F9:76:DB:BA:92:10:7D:6C: > 64:5A:25:B9 > SHA256: > 67:91:F7:F1:3F:35:51:45:2D:5F:2B:11:00:98:3B:50: > 20:A3:2B:5A:70:4A:64:6F:FE:FB:9E:F2:36:91:79:7E > SHA512: > 6A:CD:8D:A1:F8:27:1A:D7:17:C4:8A:12:5C:90:A7:36: > 26:C9:34:7F:24:A9:F0:C6:AF:E6:0E:9A:7B:EF:6D:7F: > 16:D5:9E:3B:C4:CB:E8:2C:F7:77:9A:E5:0E:38:19:F2: > 57:5E:7E:8B:1F:0C:E8:8A:0B:68:33:4F:CD:74:AB:38 ></CertPP> > <KeyOption/> > </CertReqPair> > </Vector> > </reqscerts> > <status>display</status> > <updateStatus>success</updateStatus> > <errorString/> > <size>19</size> > <title>Requests and Certificates</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <name>CA Setup Wizard</name> > <p>12</p> > <req/> > <panelname>certrequest</panelname> ></response> >tag=Request value=-----BEGIN CERTIFICATE REQUEST----- >MIICezCCAWMCAQAwNjEUMBIGA1UEChMLQVRHUkVFTi5PUkcxHjAcBgNVBAMTFUNlcnRpZmljYXRl >IEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjimwXevc4vSkN/m5uB >aWqyt1xT6y3dXD6K9+XFXvSPiLGw2PnRmariHATkEeHP1wRKk64POK4YUp3b0yfXCnsC/QkleA6I >cOVL2K7gUW0YvucmqAQP31J0hLChfFiCsJe+1EDeGPAV8A6om384lt99z6jdJEQkofqAt42Kyiaz >0uTIyhbD8NAdGQGLF7HBdI2BUk9wnzXwpVdMMW8Diytd/pIzhdSkCAhjS25nCMTBiDGSpgvoPgVc >j927npl9zu1xYzhmw/E/8v/93WSjj9Pwl9uUUng3dHqdsb/PO4wtcKEYqQ8JQXkFFtawaFeeS9pe >885co527lnR1CztsCqUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBFyYGNH5lTxAX7txANq7sU >ffvD/jkTBwqWjvkGDVXtybLgWtgcGsBUyv1nh3h7U2XbGvf/PbhZHHDvUBKhUql1Y9Bp7sWfILIj >65jpgggeuEFrcwQiaSyXO1MB9gl7vZEUbWpxz3fSZVcd/DhO/EtkRCe6R33W4ujKRAR1B6cQnh0e >otLUInQ2fnrjdQPttJyFtN8B3th2aAQ7xDCnGTcsRFgvEJJUL8Q93Bj99etNjz1ytad0vcQiUEih >OR9SY/F82Z9tRTN74vxyhdS+2I9CGsAahTJu5SHk5DG+QeFKFVZW3AG9A+bjzaSchIARSj8wsWTO >BCFaFOctWnG3VUhv >-----END CERTIFICATE REQUEST----- >tag=Request value=-----BEGIN CERTIFICATE REQUEST----- >MIICdDCCAVwCAQAwLzEUMBIGA1UEChMLQVRHUkVFTi5PUkcxFzAVBgNVBAMTDk9DU1AgU3Vic3lz >dGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArktQnA0cjHwWVTfhzlw8fCvz1VbU >b5uH4GEVc/0+w20h0Tr88wUVjz5nEL/NC1SW3JitUkPglQh1zKG+XyRGe+s8llnSi5NY9aSMJ8Cp >2OXDYFA6S4RgfYW/6JW5lOUzC/UtPRM0OZcSNLzTjRT4RfUuQWl3fXEMJVmLfgxrug9ydWEOM40U >fJxjRRMdr1MAHhaL+Wo+G2+svb5m2rSbNMWvkfuP/nqo4id29N8V5XOvyA/uLv6mBC+YbNRAGKSR >UqFSznUt4EknLQnNLrLaaFYMkECzQUlwYsFUsJixMqXfKKf4wLlDBMdrBjJx3yAvHRB/ItSH8iwW >jYD8nRpYnQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAECecS4gnpWs0WHFLQgVwnfPEHX5Ar31 >J57XtfP6JOK+vRjzltRMxNzSoXbnL06G7kEPvthutMqUEcGg6tJwZ+lorZq7Ugt57PMJtTWVjjvy >rNeMDxu0MBrSPjoXvzrA7jyTY4gZrxjMmCrtajIUNNue0PM/n+inWkSUqRJ+g118G7d9BcR3qeyp >pcpMJoBHRVakXVfPVtmxdDEywko4Q782ewI5puAbIMSjrDxbFDi7FBow3bXr6vENvpQqFiZ04Z5y >JuJ50JHCBRBKsTwH/cFAVtr5yFO1WZ2LH1k+j4ZCLVfxKtip4EYIyPAVMpaTAPt4FK2J8fQNQ//A >oWAw9Cw= >-----END CERTIFICATE REQUEST----- >tag=Request value=-----BEGIN CERTIFICATE REQUEST----- >MIICdTCCAV0CAQAwMDEUMBIGA1UEChMLQVRHUkVFTi5PUkcxGDAWBgNVBAMTD2lwYS5hdGdyZWVu >Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMc4vBbzY0wp9reXo25mXgT9rvYj >7XHl+D8cxJPyw63mW5GObBDdn499NTMi1TECVCjSohr3gl7uUy5RBjWnS/0uVPVquZJDNApgrrZP >4o9fklopW25/edU0OXl0FaiX3br0vUka7jwzGfl4HNAzhBOLD1nukeSgB/rY9QUHiHcj45A8LqqN >7C3u9hJKAlndWp0ia/QqDIar0ZLTlufcfeJZNDEUKa7lPZMLDL7DQ9oVMPo3xdLjIv1DQLgTyGET >8XMoGiwXMeDajnu3heqZYFiwwF4b1IUahjShlA9LAtjA5UKAYV7btfD6E2RE8wgaIfBgpOhs3W0m >WX35nE3AackCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBEZ5/jc54xcPfSn8RbJOtMbeN5dyU9 >Axv/ETlE9W9e2vc2yyFraVitVUrxt1DZVvsRgerUhiIap0o9tKW187kPTypA4BZmflX/KeFU3aet >Hqi1lHYs9Ma0Avk0WtqDDqtEGHH68xBZQ/QuPcK9aGpKPYDKXiExrt4ML8GiNQx0oagQ9w+8588g >6Dk8m691uNgBEaCnM2u1Z6KCkqqu9R57t+U2bXnbVTlO6Z4oMY1BhwBwASAyLzZ/SVnMz8YK/ghP >PMNBJCx1vuI15mcJga6om0vHXmY9DQKMATNz5hacV0+AsLbV3vO10eTXzax7Sdjrdy15/pubP1HN >fquwi3Zh >-----END CERTIFICATE REQUEST----- >tag=Request value=-----BEGIN CERTIFICATE REQUEST----- >MIICcjCCAVoCAQAwLTEUMBIGA1UEChMLQVRHUkVFTi5PUkcxFTATBgNVBAMTDENBIFN1YnN5c3Rl >bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCd4PSmNpQdn80j8LDKkyKD1ItF4ETb >7+Z4RDNOf1ZXRVOiBoKsfojpkML04fh7O2/I8DDNZCN6++4CQvCklksMY/Q3TMZhUepG0q25HRG/ >qGJ2z445iYXnNdfBhHIglypmsYKaJFfBLQmEK9j18NJFFiqWueXp2hh0GxF2AHzfswId5sKko7N1 >M2Pr1kklRH312wav+NdsknrJ0N8REkW1aVVLM9CVj/+0AtrdwquL4XSCtTKLUZFItlYC0umarn78 >VqgM1LpBBDL5vc4Cyn8+5FM7IA0d4N0Y7el2pyot9zFjUlPpdCZ0GhCnU38B8EfpH2B4wpbHGBcj >fM1DFK8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQChN70K0ZR8NcrKCfbFpFLJz2Jm/raKW9ry >cj1vJ4gD8WBM7rvWS69+OtubTRSE9AsbhfanXfua6x9vTW8e5HO2k/h6wJncdDhOL8ENtzFJZ1/z >KTLc8EX4dcKRaK+fUMTWEaBfzlinEnzMULpMMaSJDJkfuJiTum6Np8pP+C0HI7AcoJuEoGIPfhU0 >ueernJjKi0YrYMozps7P7gG82AK37t6iYetz2z+e5xubl1E2qAXcOe3HjAlTkcEvpuk05k+Xo6d2 >9dr9EsBjKHnURYmv8vzNaw1X7KbAOYmvGA5mG82tgDSoY1ZBfQXknOdkRZYO/oZfJMjmVfRE8xZP >21BB >-----END CERTIFICATE REQUEST----- >tag=Request value=-----BEGIN CERTIFICATE REQUEST----- >MIICbjCCAVYCAQAwKTEUMBIGA1UEChMLQVRHUkVFTi5PUkcxETAPBgNVBAMTCENBIEF1ZGl0MIIB >IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArw6D4/SjLihiNm9XrDg7jF5lVJaU966dBzP2 >uM2GK8DuKN6jrwOSyqTKiQXoI0cjrPAzyBgXCznq+IZfF2WyY3oKQLD46rNY6hf83xzQpzwEUBk+ >175ljboJ9wEFUgr/5ZrbBa0hYbZmoFEPtX/XG3U6ykSOhB6nf+aK5/5bv9YXb10aoGSxyPRIoc5g >dBKTQsEPyHicqbIJe/rmXZ0bnMJxkxdCfEZ+8oLYSMYQyh1x7MnNZBFAOGJfQ/soc0GBBCp5tq+I >HSF5880SRwzm8CbCPVgoXePx54krC1W/gfWn2aaQRpDtvcVskCoP7GXKOsC78eiWtbQ4JwhrCkb3 >UQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBABBpb472bA27Jnat7ruhFM5NISRMWNbnOhuOkNfI >ztLv/BuXmeIg3YsxaEBSTsCLQZwg5p4I3BbddMslgyDig3FCECXt91roFw43fSQLgKysgXJGxBRX >W+tmGtJhqoFFYMwBnvVtK8Gko3zh5usn03Ec52Ry4QKw9GjS7hyhVqPfqvTTo8F0HJqMzwM1cPSm >seUOMQhKzNcJj9tJCYsLsvaTMx/l0I3+dKdrH1+1wQpFnj7WF/bvO3VfKdLxJVVrnyLjLJvhezdG >0IhCwHS2FPWJgSKdJUpFsRpHkunk2sDeARqFWXrpwM1LQ+PGK/C7J8wg8IoZ49lWj4zNG/0SdXE= >-----END CERTIFICATE REQUEST----- >tag=Certificate value=-----BEGIN CERTIFICATE----- >MIIDizCCAnOgAwIBAgIBATANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe >MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxM1oXDTIwMDcyMzE1 >MzIxM1owNjEUMBIGA1UEChMLQVRHUkVFTi5PUkcxHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhv >cml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjimwXevc4vSkN/m5uBaWqyt1xT >6y3dXD6K9+XFXvSPiLGw2PnRmariHATkEeHP1wRKk64POK4YUp3b0yfXCnsC/QkleA6IcOVL2K7g >UW0YvucmqAQP31J0hLChfFiCsJe+1EDeGPAV8A6om384lt99z6jdJEQkofqAt42Kyiaz0uTIyhbD >8NAdGQGLF7HBdI2BUk9wnzXwpVdMMW8Diytd/pIzhdSkCAhjS25nCMTBiDGSpgvoPgVcj927npl9 >zu1xYzhmw/E/8v/93WSjj9Pwl9uUUng3dHqdsb/PO4wtcKEYqQ8JQXkFFtawaFeeS9pe885co527 >lnR1CztsCqUCAwEAAaOBozCBoDAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jAPBgNV >HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjAdBgNVHQ4EFgQUWZ2ujRkgSEb0LuRba+8LQyNu >CtowPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vaXBhLmF0Z3JlZW4ub3JnOjgw >L2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBAEq4CMeDJaGOWHrXcPs/ntEuZwFo17oybeLtY15T >FSSOP36CduWnwsrdpAWIE4K+JBAbQJUu3OrEBZ0yJaRzQmN8VwYhq8TcyLvtQykOYueYbnv0GdkA >XaSxs6ShiEZZ7syME3WXXoOOS7I6BkZZxnMljGT6T9n7z9HCtOU5uvJQzkTp9GZuft2mn/15Y3N7 >Qn5wo7qMaNwYeXZZSIbWTTVIYH9InlktXCZCLPCvgA+pc4Cof03TzbYNetNiEiY0ZH8GrbNNbRIZ >Y8Op+eySXIcStwTcM8rvV/eMFTwUgMdo+wW4KP/+HW6WOH3J+n+Wt89VGCkwmJKsxm/sAgFT2dA= >-----END CERTIFICATE----- >tag=Certificate value=-----BEGIN CERTIFICATE----- >MIIDaTCCAlGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe >MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxOFoXDTE0MDcxMzE1 >MzIxOFowLzEUMBIGA1UEChMLQVRHUkVFTi5PUkcxFzAVBgNVBAMTDk9DU1AgU3Vic3lzdGVtMIIB >IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArktQnA0cjHwWVTfhzlw8fCvz1VbUb5uH4GEV >c/0+w20h0Tr88wUVjz5nEL/NC1SW3JitUkPglQh1zKG+XyRGe+s8llnSi5NY9aSMJ8Cp2OXDYFA6 >S4RgfYW/6JW5lOUzC/UtPRM0OZcSNLzTjRT4RfUuQWl3fXEMJVmLfgxrug9ydWEOM40UfJxjRRMd >r1MAHhaL+Wo+G2+svb5m2rSbNMWvkfuP/nqo4id29N8V5XOvyA/uLv6mBC+YbNRAGKSRUqFSznUt >4EknLQnNLrLaaFYMkECzQUlwYsFUsJixMqXfKKf4wLlDBMdrBjJx3yAvHRB/ItSH8iwWjYD8nRpY >nQIDAQABo4GIMIGFMB8GA1UdIwQYMBaAFFmdro0ZIEhG9C7kW2vvC0MjbgraMA4GA1UdDwEB/wQE >AwIBxjA9BggrBgEFBQcBAQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6Ly9pcGEuYXRncmVlbi5vcmc6 >ODAvY2Evb2NzcDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAQEAg52KKbdm >jLZLKMfG/I7GwzT1mBCSWKNEB0YAdg06pTjJZvp02Y63r5lVLz/jRevb3YfojE0J+3WrfLyw7Izx >rQaYctOE8AJY0IdX0EDl8tJy74moJXsnNWOBsUfTevLlKbC3NgD92qNXlGxq1+U06lY14eBGD0ww >Ojhqdb2MQ0BsZT5ReYCXmwfuejPMzSqAh7ic7e9/YgMixvDuG+oi1Fl8oJ3n+rQz2M8uBDH8Yl88 >ey0W1d0nbDkysNxJ5c/M8iawDkat3Ab9xxmye1bm6eu9/w3XQXA1hOFSNgwA/ytG3g+2zePLTYGA >Lxfak/EAMmEQ3e0Petpy9tfcBQkQow== >-----END CERTIFICATE----- >tag=Certificate value=-----BEGIN CERTIFICATE----- >MIIDajCCAlKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe >MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxOFoXDTE0MDcxMzE1 >MzIxOFowMDEUMBIGA1UEChMLQVRHUkVFTi5PUkcxGDAWBgNVBAMTD2lwYS5hdGdyZWVuLm9yZzCC >ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMc4vBbzY0wp9reXo25mXgT9rvYj7XHl+D8c >xJPyw63mW5GObBDdn499NTMi1TECVCjSohr3gl7uUy5RBjWnS/0uVPVquZJDNApgrrZP4o9fklop >W25/edU0OXl0FaiX3br0vUka7jwzGfl4HNAzhBOLD1nukeSgB/rY9QUHiHcj45A8LqqN7C3u9hJK >AlndWp0ia/QqDIar0ZLTlufcfeJZNDEUKa7lPZMLDL7DQ9oVMPo3xdLjIv1DQLgTyGET8XMoGiwX >MeDajnu3heqZYFiwwF4b1IUahjShlA9LAtjA5UKAYV7btfD6E2RE8wgaIfBgpOhs3W0mWX35nE3A >ackCAwEAAaOBiDCBhTAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jA9BggrBgEFBQcB >AQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6Ly9pcGEuYXRncmVlbi5vcmc6ODAvY2Evb2NzcDAOBgNV >HQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBABQsvaQe >mWLgwT09jzgX40x7LZDnF63KH2tZaplhITuOjO4AjnuqAAsP2wYdzPvKl7hrhxdRszPdcre2yjrI >GItJhxsqeB+pP9mh9HkadQkFYMplkmMvfI79Ne2ZwN48FcN5q9CO1oP2LPiujccZHYSmuPj6KKJI >eWlYev8RiusT/v5sDk5UKkCm1MEVoR4xIZ9Xua0C+N+ZEiOrr+jg4OfJv+zqC2NX4+BGus1mf2ag >7d9waB52bmDZsr/dNSuco3mXSZPaRmcPE57/ALtOKpDye5P5KG5vGenrtzRa64jzp7+rxI3mSueG >WjTF2O9vpp3Bx3+ARe3IKhMYaCXNHrk= >-----END CERTIFICATE----- >tag=Certificate value=-----BEGIN CERTIFICATE----- >MIIDcTCCAlmgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe >MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxOVoXDTE0MDcxMzE1 >MzIxOVowLTEUMBIGA1UEChMLQVRHUkVFTi5PUkcxFTATBgNVBAMTDENBIFN1YnN5c3RlbTCCASIw >DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCd4PSmNpQdn80j8LDKkyKD1ItF4ETb7+Z4RDNO >f1ZXRVOiBoKsfojpkML04fh7O2/I8DDNZCN6++4CQvCklksMY/Q3TMZhUepG0q25HRG/qGJ2z445 >iYXnNdfBhHIglypmsYKaJFfBLQmEK9j18NJFFiqWueXp2hh0GxF2AHzfswId5sKko7N1M2Pr1kkl >RH312wav+NdsknrJ0N8REkW1aVVLM9CVj/+0AtrdwquL4XSCtTKLUZFItlYC0umarn78VqgM1LpB >BDL5vc4Cyn8+5FM7IA0d4N0Y7el2pyot9zFjUlPpdCZ0GhCnU38B8EfpH2B4wpbHGBcjfM1DFK8C >AwEAAaOBkjCBjzAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jA9BggrBgEFBQcBAQQx >MC8wLQYIKwYBBQUHMAGGIWh0dHA6Ly9pcGEuYXRncmVlbi5vcmc6ODAvY2Evb2NzcDAOBgNVHQ8B >Af8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IB >AQCUG8VHObYl0XUwSUHGNHZ/eh7RInzMX3o8MjsyJRepu+Wyo5cCH8iq+WZUALCMDNJJnZsPTxMO >D3B8Qc86/c4krVGcIcVwampeYp4ikAqcjst6meHbfcvE326q35Ho+GYp3tSOjKQiWy8gfYJPypuP >TFPkPGn58cgJmmua5e15AfNiowEMVi3xkVz1kEhPHgmg4jkW4Gk29uyTx6K7vrTPTD/2IEW0EL3v >saKNVeZbV94N0ZxV/lcr7wIiRyool4DKLitWUEwMnNLhOiI6/fmEaP53e0UhqDLvpcYG1fzIDAue >9pzPaZVNX8ryBGKJ1Btk1hohWkaLTehqHCfGgjMi >-----END CERTIFICATE----- >tag=Certificate value=-----BEGIN CERTIFICATE----- >MIIDTDCCAjSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe >MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIyMFoXDTE0MDcxMzE1 >MzIyMFowKTEUMBIGA1UEChMLQVRHUkVFTi5PUkcxETAPBgNVBAMTCENBIEF1ZGl0MIIBIjANBgkq >hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArw6D4/SjLihiNm9XrDg7jF5lVJaU966dBzP2uM2GK8Du >KN6jrwOSyqTKiQXoI0cjrPAzyBgXCznq+IZfF2WyY3oKQLD46rNY6hf83xzQpzwEUBk+175ljboJ >9wEFUgr/5ZrbBa0hYbZmoFEPtX/XG3U6ykSOhB6nf+aK5/5bv9YXb10aoGSxyPRIoc5gdBKTQsEP >yHicqbIJe/rmXZ0bnMJxkxdCfEZ+8oLYSMYQyh1x7MnNZBFAOGJfQ/soc0GBBCp5tq+IHSF5880S >Rwzm8CbCPVgoXePx54krC1W/gfWn2aaQRpDtvcVskCoP7GXKOsC78eiWtbQ4JwhrCkb3UQIDAQAB >o3IwcDAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jAOBgNVHQ8BAf8EBAMCBsAwPQYI >KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vaXBhLmF0Z3JlZW4ub3JnOjgwL2NhL29j >c3AwDQYJKoZIhvcNAQELBQADggEBAH57mCfQa3uY6ExdPDO3YLCYki6u9o4OoDlelW54U2XuJRO+ >u56tZLTk7yFjSj+72vubcY4ouzzP/Wdl1zIBkmYK3D7PJ6HhW4vxAko/CKkmQbGpxjnpAjYt2p9z >v8kS/0ORwNtHa2WnvDu1x6/BvnF+cTKKeD3CWkE9O1o2VYbTtu+Ayxd+9LTsllI9o/ZuSjPoUv9Y >1uC9TGOJGHo0cVlGkLfMvR+md4r+RnHq1+1e6t2+NnrE4C9kXLp47ucHrpXVF3tJ/agY3aRV+qJv >bs2Rpt5jvUJbqVPbK93ON5FcM3sYHqa7UND5RjbJxnw7tcwxoK/Cp7VLrpuJtFxtvH0= >-----END CERTIFICATE----- >tag=Nickname value=caSigningCert cert-pki-ca >tag=Nickname value=ocspSigningCert cert-pki-ca >tag=Nickname value=Server-Cert cert-pki-ca >tag=Nickname value=subsystemCert cert-pki-ca >tag=Nickname value=auditSigningCert cert-pki-ca >req_list_size=5 >cert_list_size=5 >dn_list_size=5 >ca_cert_name=CN=Certificate Authority,O=ATGREEN.ORG >ocsp_cert_name=CN=OCSP Subsystem,O=ATGREEN.ORG >ca_subsystem_cert_name=CN=CA Subsystem,O=ATGREEN.ORG >server_cert_name=CN=ipa.atgreen.org,O=ATGREEN.ORG >audit_signing_cert_name=CN=CA Audit,O=ATGREEN.ORG >ca_cert_req=-----BEGIN CERTIFICATE REQUEST----- >MIICezCCAWMCAQAwNjEUMBIGA1UEChMLQVRHUkVFTi5PUkcxHjAcBgNVBAMTFUNlcnRpZmljYXRl >IEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjimwXevc4vSkN/m5uB >aWqyt1xT6y3dXD6K9+XFXvSPiLGw2PnRmariHATkEeHP1wRKk64POK4YUp3b0yfXCnsC/QkleA6I >cOVL2K7gUW0YvucmqAQP31J0hLChfFiCsJe+1EDeGPAV8A6om384lt99z6jdJEQkofqAt42Kyiaz >0uTIyhbD8NAdGQGLF7HBdI2BUk9wnzXwpVdMMW8Diytd/pIzhdSkCAhjS25nCMTBiDGSpgvoPgVc >j927npl9zu1xYzhmw/E/8v/93WSjj9Pwl9uUUng3dHqdsb/PO4wtcKEYqQ8JQXkFFtawaFeeS9pe >885co527lnR1CztsCqUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBFyYGNH5lTxAX7txANq7sU >ffvD/jkTBwqWjvkGDVXtybLgWtgcGsBUyv1nh3h7U2XbGvf/PbhZHHDvUBKhUql1Y9Bp7sWfILIj >65jpgggeuEFrcwQiaSyXO1MB9gl7vZEUbWpxz3fSZVcd/DhO/EtkRCe6R33W4ujKRAR1B6cQnh0e >otLUInQ2fnrjdQPttJyFtN8B3th2aAQ7xDCnGTcsRFgvEJJUL8Q93Bj99etNjz1ytad0vcQiUEih >OR9SY/F82Z9tRTN74vxyhdS+2I9CGsAahTJu5SHk5DG+QeFKFVZW3AG9A+bjzaSchIARSj8wsWTO >BCFaFOctWnG3VUhv >-----END CERTIFICATE REQUEST----- >ocsp_cert_req=-----BEGIN CERTIFICATE REQUEST----- >MIICdDCCAVwCAQAwLzEUMBIGA1UEChMLQVRHUkVFTi5PUkcxFzAVBgNVBAMTDk9DU1AgU3Vic3lz >dGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArktQnA0cjHwWVTfhzlw8fCvz1VbU >b5uH4GEVc/0+w20h0Tr88wUVjz5nEL/NC1SW3JitUkPglQh1zKG+XyRGe+s8llnSi5NY9aSMJ8Cp >2OXDYFA6S4RgfYW/6JW5lOUzC/UtPRM0OZcSNLzTjRT4RfUuQWl3fXEMJVmLfgxrug9ydWEOM40U >fJxjRRMdr1MAHhaL+Wo+G2+svb5m2rSbNMWvkfuP/nqo4id29N8V5XOvyA/uLv6mBC+YbNRAGKSR >UqFSznUt4EknLQnNLrLaaFYMkECzQUlwYsFUsJixMqXfKKf4wLlDBMdrBjJx3yAvHRB/ItSH8iwW >jYD8nRpYnQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAECecS4gnpWs0WHFLQgVwnfPEHX5Ar31 >J57XtfP6JOK+vRjzltRMxNzSoXbnL06G7kEPvthutMqUEcGg6tJwZ+lorZq7Ugt57PMJtTWVjjvy >rNeMDxu0MBrSPjoXvzrA7jyTY4gZrxjMmCrtajIUNNue0PM/n+inWkSUqRJ+g118G7d9BcR3qeyp >pcpMJoBHRVakXVfPVtmxdDEywko4Q782ewI5puAbIMSjrDxbFDi7FBow3bXr6vENvpQqFiZ04Z5y >JuJ50JHCBRBKsTwH/cFAVtr5yFO1WZ2LH1k+j4ZCLVfxKtip4EYIyPAVMpaTAPt4FK2J8fQNQ//A >oWAw9Cw= >-----END CERTIFICATE REQUEST----- >ca_subsystem_cert_req=-----BEGIN CERTIFICATE REQUEST----- >MIICcjCCAVoCAQAwLTEUMBIGA1UEChMLQVRHUkVFTi5PUkcxFTATBgNVBAMTDENBIFN1YnN5c3Rl >bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCd4PSmNpQdn80j8LDKkyKD1ItF4ETb >7+Z4RDNOf1ZXRVOiBoKsfojpkML04fh7O2/I8DDNZCN6++4CQvCklksMY/Q3TMZhUepG0q25HRG/ >qGJ2z445iYXnNdfBhHIglypmsYKaJFfBLQmEK9j18NJFFiqWueXp2hh0GxF2AHzfswId5sKko7N1 >M2Pr1kklRH312wav+NdsknrJ0N8REkW1aVVLM9CVj/+0AtrdwquL4XSCtTKLUZFItlYC0umarn78 >VqgM1LpBBDL5vc4Cyn8+5FM7IA0d4N0Y7el2pyot9zFjUlPpdCZ0GhCnU38B8EfpH2B4wpbHGBcj >fM1DFK8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQChN70K0ZR8NcrKCfbFpFLJz2Jm/raKW9ry >cj1vJ4gD8WBM7rvWS69+OtubTRSE9AsbhfanXfua6x9vTW8e5HO2k/h6wJncdDhOL8ENtzFJZ1/z >KTLc8EX4dcKRaK+fUMTWEaBfzlinEnzMULpMMaSJDJkfuJiTum6Np8pP+C0HI7AcoJuEoGIPfhU0 >ueernJjKi0YrYMozps7P7gG82AK37t6iYetz2z+e5xubl1E2qAXcOe3HjAlTkcEvpuk05k+Xo6d2 >9dr9EsBjKHnURYmv8vzNaw1X7KbAOYmvGA5mG82tgDSoY1ZBfQXknOdkRZYO/oZfJMjmVfRE8xZP >21BB >-----END CERTIFICATE REQUEST----- >server_cert_req=-----BEGIN CERTIFICATE REQUEST----- >MIICdTCCAV0CAQAwMDEUMBIGA1UEChMLQVRHUkVFTi5PUkcxGDAWBgNVBAMTD2lwYS5hdGdyZWVu >Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMc4vBbzY0wp9reXo25mXgT9rvYj >7XHl+D8cxJPyw63mW5GObBDdn499NTMi1TECVCjSohr3gl7uUy5RBjWnS/0uVPVquZJDNApgrrZP >4o9fklopW25/edU0OXl0FaiX3br0vUka7jwzGfl4HNAzhBOLD1nukeSgB/rY9QUHiHcj45A8LqqN >7C3u9hJKAlndWp0ia/QqDIar0ZLTlufcfeJZNDEUKa7lPZMLDL7DQ9oVMPo3xdLjIv1DQLgTyGET >8XMoGiwXMeDajnu3heqZYFiwwF4b1IUahjShlA9LAtjA5UKAYV7btfD6E2RE8wgaIfBgpOhs3W0m >WX35nE3AackCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBEZ5/jc54xcPfSn8RbJOtMbeN5dyU9 >Axv/ETlE9W9e2vc2yyFraVitVUrxt1DZVvsRgerUhiIap0o9tKW187kPTypA4BZmflX/KeFU3aet >Hqi1lHYs9Ma0Avk0WtqDDqtEGHH68xBZQ/QuPcK9aGpKPYDKXiExrt4ML8GiNQx0oagQ9w+8588g >6Dk8m691uNgBEaCnM2u1Z6KCkqqu9R57t+U2bXnbVTlO6Z4oMY1BhwBwASAyLzZ/SVnMz8YK/ghP >PMNBJCx1vuI15mcJga6om0vHXmY9DQKMATNz5hacV0+AsLbV3vO10eTXzax7Sdjrdy15/pubP1HN >fquwi3Zh >-----END CERTIFICATE REQUEST----- >ca_audit_siging_cert_req=-----BEGIN CERTIFICATE REQUEST----- >MIICbjCCAVYCAQAwKTEUMBIGA1UEChMLQVRHUkVFTi5PUkcxETAPBgNVBAMTCENBIEF1ZGl0MIIB >IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArw6D4/SjLihiNm9XrDg7jF5lVJaU966dBzP2 >uM2GK8DuKN6jrwOSyqTKiQXoI0cjrPAzyBgXCznq+IZfF2WyY3oKQLD46rNY6hf83xzQpzwEUBk+ >175ljboJ9wEFUgr/5ZrbBa0hYbZmoFEPtX/XG3U6ykSOhB6nf+aK5/5bv9YXb10aoGSxyPRIoc5g >dBKTQsEPyHicqbIJe/rmXZ0bnMJxkxdCfEZ+8oLYSMYQyh1x7MnNZBFAOGJfQ/soc0GBBCp5tq+I >HSF5880SRwzm8CbCPVgoXePx54krC1W/gfWn2aaQRpDtvcVskCoP7GXKOsC78eiWtbQ4JwhrCkb3 >UQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBABBpb472bA27Jnat7ruhFM5NISRMWNbnOhuOkNfI >ztLv/BuXmeIg3YsxaEBSTsCLQZwg5p4I3BbddMslgyDig3FCECXt91roFw43fSQLgKysgXJGxBRX >W+tmGtJhqoFFYMwBnvVtK8Gko3zh5usn03Ec52Ry4QKw9GjS7hyhVqPfqvTTo8F0HJqMzwM1cPSm >seUOMQhKzNcJj9tJCYsLsvaTMx/l0I3+dKdrH1+1wQpFnj7WF/bvO3VfKdLxJVVrnyLjLJvhezdG >0IhCwHS2FPWJgSKdJUpFsRpHkunk2sDeARqFWXrpwM1LQ+PGK/C7J8wg8IoZ49lWj4zNG/0SdXE= >-----END CERTIFICATE REQUEST----- >ca_cert_cert=-----BEGIN CERTIFICATE----- >MIIDizCCAnOgAwIBAgIBATANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe >MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxM1oXDTIwMDcyMzE1 >MzIxM1owNjEUMBIGA1UEChMLQVRHUkVFTi5PUkcxHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhv >cml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjimwXevc4vSkN/m5uBaWqyt1xT >6y3dXD6K9+XFXvSPiLGw2PnRmariHATkEeHP1wRKk64POK4YUp3b0yfXCnsC/QkleA6IcOVL2K7g >UW0YvucmqAQP31J0hLChfFiCsJe+1EDeGPAV8A6om384lt99z6jdJEQkofqAt42Kyiaz0uTIyhbD >8NAdGQGLF7HBdI2BUk9wnzXwpVdMMW8Diytd/pIzhdSkCAhjS25nCMTBiDGSpgvoPgVcj927npl9 >zu1xYzhmw/E/8v/93WSjj9Pwl9uUUng3dHqdsb/PO4wtcKEYqQ8JQXkFFtawaFeeS9pe885co527 >lnR1CztsCqUCAwEAAaOBozCBoDAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jAPBgNV >HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjAdBgNVHQ4EFgQUWZ2ujRkgSEb0LuRba+8LQyNu >CtowPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vaXBhLmF0Z3JlZW4ub3JnOjgw >L2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBAEq4CMeDJaGOWHrXcPs/ntEuZwFo17oybeLtY15T >FSSOP36CduWnwsrdpAWIE4K+JBAbQJUu3OrEBZ0yJaRzQmN8VwYhq8TcyLvtQykOYueYbnv0GdkA >XaSxs6ShiEZZ7syME3WXXoOOS7I6BkZZxnMljGT6T9n7z9HCtOU5uvJQzkTp9GZuft2mn/15Y3N7 >Qn5wo7qMaNwYeXZZSIbWTTVIYH9InlktXCZCLPCvgA+pc4Cof03TzbYNetNiEiY0ZH8GrbNNbRIZ >Y8Op+eySXIcStwTcM8rvV/eMFTwUgMdo+wW4KP/+HW6WOH3J+n+Wt89VGCkwmJKsxm/sAgFT2dA= >-----END CERTIFICATE----- >ocsp_cert_cert=-----BEGIN CERTIFICATE----- >MIIDaTCCAlGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe >MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxOFoXDTE0MDcxMzE1 >MzIxOFowLzEUMBIGA1UEChMLQVRHUkVFTi5PUkcxFzAVBgNVBAMTDk9DU1AgU3Vic3lzdGVtMIIB >IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArktQnA0cjHwWVTfhzlw8fCvz1VbUb5uH4GEV >c/0+w20h0Tr88wUVjz5nEL/NC1SW3JitUkPglQh1zKG+XyRGe+s8llnSi5NY9aSMJ8Cp2OXDYFA6 >S4RgfYW/6JW5lOUzC/UtPRM0OZcSNLzTjRT4RfUuQWl3fXEMJVmLfgxrug9ydWEOM40UfJxjRRMd >r1MAHhaL+Wo+G2+svb5m2rSbNMWvkfuP/nqo4id29N8V5XOvyA/uLv6mBC+YbNRAGKSRUqFSznUt >4EknLQnNLrLaaFYMkECzQUlwYsFUsJixMqXfKKf4wLlDBMdrBjJx3yAvHRB/ItSH8iwWjYD8nRpY >nQIDAQABo4GIMIGFMB8GA1UdIwQYMBaAFFmdro0ZIEhG9C7kW2vvC0MjbgraMA4GA1UdDwEB/wQE >AwIBxjA9BggrBgEFBQcBAQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6Ly9pcGEuYXRncmVlbi5vcmc6 >ODAvY2Evb2NzcDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAQEAg52KKbdm >jLZLKMfG/I7GwzT1mBCSWKNEB0YAdg06pTjJZvp02Y63r5lVLz/jRevb3YfojE0J+3WrfLyw7Izx >rQaYctOE8AJY0IdX0EDl8tJy74moJXsnNWOBsUfTevLlKbC3NgD92qNXlGxq1+U06lY14eBGD0ww >Ojhqdb2MQ0BsZT5ReYCXmwfuejPMzSqAh7ic7e9/YgMixvDuG+oi1Fl8oJ3n+rQz2M8uBDH8Yl88 >ey0W1d0nbDkysNxJ5c/M8iawDkat3Ab9xxmye1bm6eu9/w3XQXA1hOFSNgwA/ytG3g+2zePLTYGA >Lxfak/EAMmEQ3e0Petpy9tfcBQkQow== >-----END CERTIFICATE----- >ca_subsystem_cert_cert=-----BEGIN CERTIFICATE----- >MIIDcTCCAlmgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe >MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxOVoXDTE0MDcxMzE1 >MzIxOVowLTEUMBIGA1UEChMLQVRHUkVFTi5PUkcxFTATBgNVBAMTDENBIFN1YnN5c3RlbTCCASIw >DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCd4PSmNpQdn80j8LDKkyKD1ItF4ETb7+Z4RDNO >f1ZXRVOiBoKsfojpkML04fh7O2/I8DDNZCN6++4CQvCklksMY/Q3TMZhUepG0q25HRG/qGJ2z445 >iYXnNdfBhHIglypmsYKaJFfBLQmEK9j18NJFFiqWueXp2hh0GxF2AHzfswId5sKko7N1M2Pr1kkl >RH312wav+NdsknrJ0N8REkW1aVVLM9CVj/+0AtrdwquL4XSCtTKLUZFItlYC0umarn78VqgM1LpB >BDL5vc4Cyn8+5FM7IA0d4N0Y7el2pyot9zFjUlPpdCZ0GhCnU38B8EfpH2B4wpbHGBcjfM1DFK8C >AwEAAaOBkjCBjzAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jA9BggrBgEFBQcBAQQx >MC8wLQYIKwYBBQUHMAGGIWh0dHA6Ly9pcGEuYXRncmVlbi5vcmc6ODAvY2Evb2NzcDAOBgNVHQ8B >Af8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IB >AQCUG8VHObYl0XUwSUHGNHZ/eh7RInzMX3o8MjsyJRepu+Wyo5cCH8iq+WZUALCMDNJJnZsPTxMO >D3B8Qc86/c4krVGcIcVwampeYp4ikAqcjst6meHbfcvE326q35Ho+GYp3tSOjKQiWy8gfYJPypuP >TFPkPGn58cgJmmua5e15AfNiowEMVi3xkVz1kEhPHgmg4jkW4Gk29uyTx6K7vrTPTD/2IEW0EL3v >saKNVeZbV94N0ZxV/lcr7wIiRyool4DKLitWUEwMnNLhOiI6/fmEaP53e0UhqDLvpcYG1fzIDAue >9pzPaZVNX8ryBGKJ1Btk1hohWkaLTehqHCfGgjMi >-----END CERTIFICATE----- >server_cert_cert=-----BEGIN CERTIFICATE----- >MIIDajCCAlKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe >MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxOFoXDTE0MDcxMzE1 >MzIxOFowMDEUMBIGA1UEChMLQVRHUkVFTi5PUkcxGDAWBgNVBAMTD2lwYS5hdGdyZWVuLm9yZzCC >ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMc4vBbzY0wp9reXo25mXgT9rvYj7XHl+D8c >xJPyw63mW5GObBDdn499NTMi1TECVCjSohr3gl7uUy5RBjWnS/0uVPVquZJDNApgrrZP4o9fklop >W25/edU0OXl0FaiX3br0vUka7jwzGfl4HNAzhBOLD1nukeSgB/rY9QUHiHcj45A8LqqN7C3u9hJK >AlndWp0ia/QqDIar0ZLTlufcfeJZNDEUKa7lPZMLDL7DQ9oVMPo3xdLjIv1DQLgTyGET8XMoGiwX >MeDajnu3heqZYFiwwF4b1IUahjShlA9LAtjA5UKAYV7btfD6E2RE8wgaIfBgpOhs3W0mWX35nE3A >ackCAwEAAaOBiDCBhTAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jA9BggrBgEFBQcB >AQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6Ly9pcGEuYXRncmVlbi5vcmc6ODAvY2Evb2NzcDAOBgNV >HQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBABQsvaQe >mWLgwT09jzgX40x7LZDnF63KH2tZaplhITuOjO4AjnuqAAsP2wYdzPvKl7hrhxdRszPdcre2yjrI >GItJhxsqeB+pP9mh9HkadQkFYMplkmMvfI79Ne2ZwN48FcN5q9CO1oP2LPiujccZHYSmuPj6KKJI >eWlYev8RiusT/v5sDk5UKkCm1MEVoR4xIZ9Xua0C+N+ZEiOrr+jg4OfJv+zqC2NX4+BGus1mf2ag >7d9waB52bmDZsr/dNSuco3mXSZPaRmcPE57/ALtOKpDye5P5KG5vGenrtzRa64jzp7+rxI3mSueG >WjTF2O9vpp3Bx3+ARe3IKhMYaCXNHrk= >-----END CERTIFICATE----- >ca_audit_signing_cert_cert=-----BEGIN CERTIFICATE----- >MIIDTDCCAjSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe >MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIyMFoXDTE0MDcxMzE1 >MzIyMFowKTEUMBIGA1UEChMLQVRHUkVFTi5PUkcxETAPBgNVBAMTCENBIEF1ZGl0MIIBIjANBgkq >hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArw6D4/SjLihiNm9XrDg7jF5lVJaU966dBzP2uM2GK8Du >KN6jrwOSyqTKiQXoI0cjrPAzyBgXCznq+IZfF2WyY3oKQLD46rNY6hf83xzQpzwEUBk+175ljboJ >9wEFUgr/5ZrbBa0hYbZmoFEPtX/XG3U6ykSOhB6nf+aK5/5bv9YXb10aoGSxyPRIoc5gdBKTQsEP >yHicqbIJe/rmXZ0bnMJxkxdCfEZ+8oLYSMYQyh1x7MnNZBFAOGJfQ/soc0GBBCp5tq+IHSF5880S >Rwzm8CbCPVgoXePx54krC1W/gfWn2aaQRpDtvcVskCoP7GXKOsC78eiWtbQ4JwhrCkb3UQIDAQAB >o3IwcDAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jAOBgNVHQ8BAf8EBAMCBsAwPQYI >KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vaXBhLmF0Z3JlZW4ub3JnOjgwL2NhL29j >c3AwDQYJKoZIhvcNAQELBQADggEBAH57mCfQa3uY6ExdPDO3YLCYki6u9o4OoDlelW54U2XuJRO+ >u56tZLTk7yFjSj+72vubcY4ouzzP/Wdl1zIBkmYK3D7PJ6HhW4vxAko/CKkmQbGpxjnpAjYt2p9z >v8kS/0ORwNtHa2WnvDu1x6/BvnF+cTKKeD3CWkE9O1o2VYbTtu+Ayxd+9LTsllI9o/ZuSjPoUv9Y >1uC9TGOJGHo0cVlGkLfMvR+md4r+RnHq1+1e6t2+NnrE4C9kXLp47ucHrpXVF3tJ/agY3aRV+qJv >bs2Rpt5jvUJbqVPbK93ON5FcM3sYHqa7UND5RjbJxnw7tcwxoK/Cp7VLrpuJtFxtvH0= >-----END CERTIFICATE----- >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/wizard?p=12&op=next&xml=true&subsystem=-----BEGIN+CERTIFICATE-----%0AMIIDcTCCAlmgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe%0AMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxOVoXDTE0MDcxMzE1%0AMzIxOVowLTEUMBIGA1UEChMLQVRHUkVFTi5PUkcxFTATBgNVBAMTDENBIFN1YnN5c3RlbTCCASIw%0ADQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCd4PSmNpQdn80j8LDKkyKD1ItF4ETb7%2BZ4RDNO%0Af1ZXRVOiBoKsfojpkML04fh7O2%2FI8DDNZCN6%2B%2B4CQvCklksMY%2FQ3TMZhUepG0q25HRG%2FqGJ2z445%0AiYXnNdfBhHIglypmsYKaJFfBLQmEK9j18NJFFiqWueXp2hh0GxF2AHzfswId5sKko7N1M2Pr1kkl%0ARH312wav%2BNdsknrJ0N8REkW1aVVLM9CVj%2F%2B0AtrdwquL4XSCtTKLUZFItlYC0umarn78VqgM1LpB%0ABDL5vc4Cyn8%2B5FM7IA0d4N0Y7el2pyot9zFjUlPpdCZ0GhCnU38B8EfpH2B4wpbHGBcjfM1DFK8C%0AAwEAAaOBkjCBjzAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jA9BggrBgEFBQcBAQQx%0AMC8wLQYIKwYBBQUHMAGGIWh0dHA6Ly9pcGEuYXRncmVlbi5vcmc6ODAvY2Evb2NzcDAOBgNVHQ8B%0AAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IB%0AAQCUG8VHObYl0XUwSUHGNHZ%2Feh7RInzMX3o8MjsyJRepu%2BWyo5cCH8iq%2BWZUALCMDNJJnZsPTxMO%0AD3B8Qc86%2Fc4krVGcIcVwampeYp4ikAqcjst6meHbfcvE326q35Ho%2BGYp3tSOjKQiWy8gfYJPypuP%0ATFPkPGn58cgJmmua5e15AfNiowEMVi3xkVz1kEhPHgmg4jkW4Gk29uyTx6K7vrTPTD%2F2IEW0EL3v%0AsaKNVeZbV94N0ZxV%2Flcr7wIiRyool4DKLitWUEwMnNLhOiI6%2FfmEaP53e0UhqDLvpcYG1fzIDAue%0A9pzPaZVNX8ryBGKJ1Btk1hohWkaLTehqHCfGgjMi%0A-----END+CERTIFICATE-----&subsystem_cc=&ocsp_signing=-----BEGIN+CERTIFICATE-----%0AMIIDaTCCAlGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe%0AMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxOFoXDTE0MDcxMzE1%0AMzIxOFowLzEUMBIGA1UEChMLQVRHUkVFTi5PUkcxFzAVBgNVBAMTDk9DU1AgU3Vic3lzdGVtMIIB%0AIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArktQnA0cjHwWVTfhzlw8fCvz1VbUb5uH4GEV%0Ac%2F0%2Bw20h0Tr88wUVjz5nEL%2FNC1SW3JitUkPglQh1zKG%2BXyRGe%2Bs8llnSi5NY9aSMJ8Cp2OXDYFA6%0AS4RgfYW%2F6JW5lOUzC%2FUtPRM0OZcSNLzTjRT4RfUuQWl3fXEMJVmLfgxrug9ydWEOM40UfJxjRRMd%0Ar1MAHhaL%2BWo%2BG2%2Bsvb5m2rSbNMWvkfuP%2Fnqo4id29N8V5XOvyA%2FuLv6mBC%2BYbNRAGKSRUqFSznUt%0A4EknLQnNLrLaaFYMkECzQUlwYsFUsJixMqXfKKf4wLlDBMdrBjJx3yAvHRB%2FItSH8iwWjYD8nRpY%0AnQIDAQABo4GIMIGFMB8GA1UdIwQYMBaAFFmdro0ZIEhG9C7kW2vvC0MjbgraMA4GA1UdDwEB%2FwQE%0AAwIBxjA9BggrBgEFBQcBAQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6Ly9pcGEuYXRncmVlbi5vcmc6%0AODAvY2Evb2NzcDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAQEAg52KKbdm%0AjLZLKMfG%2FI7GwzT1mBCSWKNEB0YAdg06pTjJZvp02Y63r5lVLz%2FjRevb3YfojE0J%2B3WrfLyw7Izx%0ArQaYctOE8AJY0IdX0EDl8tJy74moJXsnNWOBsUfTevLlKbC3NgD92qNXlGxq1%2BU06lY14eBGD0ww%0AOjhqdb2MQ0BsZT5ReYCXmwfuejPMzSqAh7ic7e9%2FYgMixvDuG%2Boi1Fl8oJ3n%2BrQz2M8uBDH8Yl88%0Aey0W1d0nbDkysNxJ5c%2FM8iawDkat3Ab9xxmye1bm6eu9%2Fw3XQXA1hOFSNgwA%2FytG3g%2B2zePLTYGA%0ALxfak%2FEAMmEQ3e0Petpy9tfcBQkQow%3D%3D%0A-----END+CERTIFICATE-----&ocsp_signing_cc=&signing=-----BEGIN+CERTIFICATE-----%0AMIIDizCCAnOgAwIBAgIBATANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe%0AMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxM1oXDTIwMDcyMzE1%0AMzIxM1owNjEUMBIGA1UEChMLQVRHUkVFTi5PUkcxHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhv%0Acml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjimwXevc4vSkN%2Fm5uBaWqyt1xT%0A6y3dXD6K9%2BXFXvSPiLGw2PnRmariHATkEeHP1wRKk64POK4YUp3b0yfXCnsC%2FQkleA6IcOVL2K7g%0AUW0YvucmqAQP31J0hLChfFiCsJe%2B1EDeGPAV8A6om384lt99z6jdJEQkofqAt42Kyiaz0uTIyhbD%0A8NAdGQGLF7HBdI2BUk9wnzXwpVdMMW8Diytd%2FpIzhdSkCAhjS25nCMTBiDGSpgvoPgVcj927npl9%0Azu1xYzhmw%2FE%2F8v%2F93WSjj9Pwl9uUUng3dHqdsb%2FPO4wtcKEYqQ8JQXkFFtawaFeeS9pe885co527%0AlnR1CztsCqUCAwEAAaOBozCBoDAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jAPBgNV%0AHRMBAf8EBTADAQH%2FMA4GA1UdDwEB%2FwQEAwIBxjAdBgNVHQ4EFgQUWZ2ujRkgSEb0LuRba%2B8LQyNu%0ACtowPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vaXBhLmF0Z3JlZW4ub3JnOjgw%0AL2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBAEq4CMeDJaGOWHrXcPs%2FntEuZwFo17oybeLtY15T%0AFSSOP36CduWnwsrdpAWIE4K%2BJBAbQJUu3OrEBZ0yJaRzQmN8VwYhq8TcyLvtQykOYueYbnv0GdkA%0AXaSxs6ShiEZZ7syME3WXXoOOS7I6BkZZxnMljGT6T9n7z9HCtOU5uvJQzkTp9GZuft2mn%2F15Y3N7%0AQn5wo7qMaNwYeXZZSIbWTTVIYH9InlktXCZCLPCvgA%2Bpc4Cof03TzbYNetNiEiY0ZH8GrbNNbRIZ%0AY8Op%2BeySXIcStwTcM8rvV%2FeMFTwUgMdo%2BwW4KP%2F%2BHW6WOH3J%2Bn%2BWt89VGCkwmJKsxm%2FsAgFT2dA%3D%0A-----END+CERTIFICATE-----&signing_cc=&audit_signing=-----BEGIN+CERTIFICATE-----%0AMIIDTDCCAjSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe%0AMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIyMFoXDTE0MDcxMzE1%0AMzIyMFowKTEUMBIGA1UEChMLQVRHUkVFTi5PUkcxETAPBgNVBAMTCENBIEF1ZGl0MIIBIjANBgkq%0AhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArw6D4%2FSjLihiNm9XrDg7jF5lVJaU966dBzP2uM2GK8Du%0AKN6jrwOSyqTKiQXoI0cjrPAzyBgXCznq%2BIZfF2WyY3oKQLD46rNY6hf83xzQpzwEUBk%2B175ljboJ%0A9wEFUgr%2F5ZrbBa0hYbZmoFEPtX%2FXG3U6ykSOhB6nf%2BaK5%2F5bv9YXb10aoGSxyPRIoc5gdBKTQsEP%0AyHicqbIJe%2FrmXZ0bnMJxkxdCfEZ%2B8oLYSMYQyh1x7MnNZBFAOGJfQ%2Fsoc0GBBCp5tq%2BIHSF5880S%0ARwzm8CbCPVgoXePx54krC1W%2FgfWn2aaQRpDtvcVskCoP7GXKOsC78eiWtbQ4JwhrCkb3UQIDAQAB%0Ao3IwcDAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jAOBgNVHQ8BAf8EBAMCBsAwPQYI%0AKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vaXBhLmF0Z3JlZW4ub3JnOjgwL2NhL29j%0Ac3AwDQYJKoZIhvcNAQELBQADggEBAH57mCfQa3uY6ExdPDO3YLCYki6u9o4OoDlelW54U2XuJRO%2B%0Au56tZLTk7yFjSj%2B72vubcY4ouzzP%2FWdl1zIBkmYK3D7PJ6HhW4vxAko%2FCKkmQbGpxjnpAjYt2p9z%0Av8kS%2F0ORwNtHa2WnvDu1x6%2FBvnF%2BcTKKeD3CWkE9O1o2VYbTtu%2BAyxd%2B9LTsllI9o%2FZuSjPoUv9Y%0A1uC9TGOJGHo0cVlGkLfMvR%2Bmd4r%2BRnHq1%2B1e6t2%2BNnrE4C9kXLp47ucHrpXVF3tJ%2FagY3aRV%2BqJv%0Abs2Rpt5jvUJbqVPbK93ON5FcM3sYHqa7UND5RjbJxnw7tcwxoK%2FCp7VLrpuJtFxtvH0%3D%0A-----END+CERTIFICATE-----&audit_signing_cc=&sslserver=-----BEGIN+CERTIFICATE-----%0AMIIDajCCAlKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdSRUVOLk9SRzEe%0AMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcyMzE1MzIxOFoXDTE0MDcxMzE1%0AMzIxOFowMDEUMBIGA1UEChMLQVRHUkVFTi5PUkcxGDAWBgNVBAMTD2lwYS5hdGdyZWVuLm9yZzCC%0AASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMc4vBbzY0wp9reXo25mXgT9rvYj7XHl%2BD8c%0AxJPyw63mW5GObBDdn499NTMi1TECVCjSohr3gl7uUy5RBjWnS%2F0uVPVquZJDNApgrrZP4o9fklop%0AW25%2FedU0OXl0FaiX3br0vUka7jwzGfl4HNAzhBOLD1nukeSgB%2FrY9QUHiHcj45A8LqqN7C3u9hJK%0AAlndWp0ia%2FQqDIar0ZLTlufcfeJZNDEUKa7lPZMLDL7DQ9oVMPo3xdLjIv1DQLgTyGET8XMoGiwX%0AMeDajnu3heqZYFiwwF4b1IUahjShlA9LAtjA5UKAYV7btfD6E2RE8wgaIfBgpOhs3W0mWX35nE3A%0AackCAwEAAaOBiDCBhTAfBgNVHSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jA9BggrBgEFBQcB%0AAQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6Ly9pcGEuYXRncmVlbi5vcmc6ODAvY2Evb2NzcDAOBgNV%0AHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBABQsvaQe%0AmWLgwT09jzgX40x7LZDnF63KH2tZaplhITuOjO4AjnuqAAsP2wYdzPvKl7hrhxdRszPdcre2yjrI%0AGItJhxsqeB%2BpP9mh9HkadQkFYMplkmMvfI79Ne2ZwN48FcN5q9CO1oP2LPiujccZHYSmuPj6KKJI%0AeWlYev8RiusT%2Fv5sDk5UKkCm1MEVoR4xIZ9Xua0C%2BN%2BZEiOrr%2Bjg4OfJv%2BzqC2NX4%2BBGus1mf2ag%0A7d9waB52bmDZsr%2FdNSuco3mXSZPaRmcPE57%2FALtOKpDye5P5KG5vGenrtzRa64jzp7%2BrxI3mSueG%0AWjTF2O9vpp3Bx3%2BARe3IKhMYaCXNHrk%3D%0A-----END+CERTIFICATE-----&sslserver_cc= >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:32:21 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/backupkeycertpanel.vm</panel> > <res/> > <showApplyButton/> > <pwdagain/> > <updateStatus>success</updateStatus> > <dobackup/> > <errorString/> > <size>19</size> > <title>Export Keys and Certificates</title> > <pwd/> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <nobackup>checked</nobackup> > <p>13</p> > <name>CA Setup Wizard</name> > <req/> > <panelname>backupkeys</panelname> ></response> >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/wizard?p=13&op=next&xml=true&choice=backupkey&__pwd=XXXXXXXX&__pwdagain=XXXXXXXX >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:32:22 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/savepkcs12panel.vm</panel> > <res/> > <subsystemtype>ca</subsystemtype> > <showApplyButton/> > <updateStatus>success</updateStatus> > <errorString/> > <size>19</size> > <title>Save Keys and Certificates</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <name>CA Setup Wizard</name> > <p>14</p> > <req/> > <panelname>savepk12</panelname> ></response> >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/savepkcs12? >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/x-pkcs12 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:32:22 GMT >RESPONSE HEADER: Connection: close >Decoded PFX >Version: 3 >AuthSafes has 2 SafeContents >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/wizard?p=14&op=next&xml=true >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:32:22 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/importcachainpanel.vm</panel> > <machineName>ipa.atgreen.org</machineName> > <res/> > <showApplyButton/> > <ca>true</ca> > <updateStatus>success</updateStatus> > <errorString/> > <size>19</size> > <https_port>9444</https_port> > <title>Import CA's Certificate Chain</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <p>15</p> > <name>CA Setup Wizard</name> > <import>true</import> > <http_port>9180</http_port> > <req/> > <panelname>importcachain</panelname> ></response> >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/wizard?p=15&op=next&xml=true >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:32:22 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/adminpanel.vm</panel> > <res/> > <showApplyButton/> > <ca>true</ca> > <admin_pwd/> > <caType>sdca</caType> > <admin_pwd_again/> > <updateStatus>success</updateStatus> > <admin_name>CA Administrator of Instance pki-ca</admin_name> > <admin_email/> > <securityDomain>IPA</securityDomain> > <errorString/> > <info/> > <size>19</size> > <title>Administrator</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <p>16</p> > <name>CA Setup Wizard</name> > <import>true</import> > <req/> > <panelname>admin</panelname> > <admin_uid>admin</admin_uid> ></response> >CRYPTO INIT WITH CERTDB:/tmp/tmp-CTHPP0 >Crypto manager already initialized >Debug : initialize crypto Manager >INITIALIZATION ERROR: org.mozilla.jss.crypto.AlreadyInitializedException >cdir = /tmp/tmp-CTHPP0 >Debug : before getInstance >Debug : before get token >Debug : before login password >Debug : after login password >64-bit osutil library loaded >CRMF_REQUEST = MIIBczCCAW8wggFjAgEBMIIBWoABAqUvMC0xFDASBgNVBAoTC0FUR1JFRU4uT1JH >MRUwEwYDVQQDEwxpcGEtY2EtYWdlbnSmggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw >ggEKAoIBAQC4epdo8StamfgTpRvU3h1c0WOmgjZBLL3upN8YbDtXUm6UZlqUpjZB >Q22ywnViJPWiUFVm9hgU+gNci6a785xWwPZkwO+s+fjfikCKn8zFv2+4J3VJOeDw >lNXdzhTPDKyX2cfKIp9j26gcMlBquIEsyG4WOIEcEMT/dLMEKWcHyduS0N6cGH9U >F1Kq6V2SvQEXyK1hGTcuUmmc9SM8L6Zyc/8f6VY5dMTTiSjU77MZBF3PhNejrvqN >6dFbi6JxJcGIY+AvFUoyIab5RFtX3nWNbqLdfKaCd/ix7oJ+hzzFVBLIAJ7IVn/3 >emf/pzyDOiS6hHk66JkiifRNqmKGU9bTAgMBAAEwAKIGgAQDAAMA >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/wizard?p=16&op=next&xml=true&cert_request_type=crmf&uid=admin&name=admin&__pwd=XXXXXXXX&__admin_password_again=XXXXXXXX&profileId=caAdminCert&email=root%40localhost&cert_request=MIIBczCCAW8wggFjAgEBMIIBWoABAqUvMC0xFDASBgNVBAoTC0FUR1JFRU4uT1JH%0D%0AMRUwEwYDVQQDEwxpcGEtY2EtYWdlbnSmggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw%0D%0AggEKAoIBAQC4epdo8StamfgTpRvU3h1c0WOmgjZBLL3upN8YbDtXUm6UZlqUpjZB%0D%0AQ22ywnViJPWiUFVm9hgU%2BgNci6a785xWwPZkwO%2Bs%2BfjfikCKn8zFv2%2B4J3VJOeDw%0D%0AlNXdzhTPDKyX2cfKIp9j26gcMlBquIEsyG4WOIEcEMT%2FdLMEKWcHyduS0N6cGH9U%0D%0AF1Kq6V2SvQEXyK1hGTcuUmmc9SM8L6Zyc%2F8f6VY5dMTTiSjU77MZBF3PhNejrvqN%0D%0A6dFbi6JxJcGIY%2BAvFUoyIab5RFtX3nWNbqLdfKaCd%2Fix7oJ%2BhzzFVBLIAJ7IVn%2F3%0D%0Aemf%2FpzyDOiS6hHk66JkiifRNqmKGU9bTAgMBAAEwAKIGgAQDAAMA&subject=CN%3Dipa-ca-agent%2CO%3DATGREEN.ORG&clone=new&import=true&securitydomain=IPA >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:32:23 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/importadmincertpanel.vm</panel> > <res/> > <showApplyButton/> > <admin_pwd>XXXXXXXX</admin_pwd> > <ca>true</ca> > <caPort>9445</caPort> > <admin_pwd_again>XXXXXXXX</admin_pwd_again> > <caType>sdca</caType> > <updateStatus>success</updateStatus> > <serialNumber>6</serialNumber> > <admin_email>root@localhost</admin_email> > <admin_name>admin</admin_name> > <errorString/> > <size>19</size> > <info/> > <caHost>ipa.atgreen.org</caHost> > <title>Import Administrator's Certificate</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <p>17</p> > <name>CA Setup Wizard</name> > <import>true</import> > <pkcs7>MIIHMwYJKoZIhvcNAQcCoIIHJDCCByACAQExADAPBgkqhkiG9w0BBwGgAgQAoIIHBDCCA3EwggJZoAMCAQICAQYwDQYJKoZIhvcNAQELBQAwNjEUMBIGA1UEChMLQVRHUkVFTi5PUkcxHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMjA3MjMxNTMyMjNaFw0xNDA3MTMxNTMyMjNaMC0xFDASBgNVBAoTC0FUR1JFRU4uT1JHMRUwEwYDVQQDEwxpcGEtY2EtYWdlbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4epdo8StamfgTpRvU3h1c0WOmgjZBLL3upN8YbDtXUm6UZlqUpjZBQ22ywnViJPWiUFVm9hgU+gNci6a785xWwPZkwO+s+fjfikCKn8zFv2+4J3VJOeDwlNXdzhTPDKyX2cfKIp9j26gcMlBquIEsyG4WOIEcEMT/dLMEKWcHyduS0N6cGH9UF1Kq6V2SvQEXyK1hGTcuUmmc9SM8L6Zyc/8f6VY5dMTTiSjU77MZBF3PhNejrvqN6dFbi6JxJcGIY+AvFUoyIab5RFtX3nWNbqLdfKaCd/ix7oJ+hzzFVBLIAJ7IVn/3emf/pzyDOiS6hHk66JkiifRNqmKGU9bTAgMBAAGjgZIwgY8wHwYDVR0jBBgwFoAUWZ2ujRkgSEb0LuRba+8LQyNuCtowPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vaXBhLmF0Z3JlZW4ub3JnOjgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAI0cl2IY6gRl6GhWmXAKjwfw7mpv2pWaXB4pl4jrrjJT0cnra5aN7Cb/ZSvBnsijYZ6gfdqLGDUdRMpuRj1rcJ/ha1HloNV7KTNYsUTgeb0Vw3MufiD9FUu+AOfvT11oZ98ZxzKg4KIeG02DCieyOGtVrNcgbvb5lS5IBXyeBwdrP/ELw4gqDfyfcVVCje3MgMObB6BJSh7nZUkDE0nNqHw2afBzCQJ8ZP1XcKMY0eNxaUYv75AaB9jujhPLndNv1xO7+8A0F+KhV77yYUfGllLnL4RU5cwE1NV0w186975J/DLxTUs7sigpeMjYMBppTviexPpWP7NzXuvxw1O7I6zCCA4swggJzoAMCAQICAQEwDQYJKoZIhvcNAQELBQAwNjEUMBIGA1UEChMLQVRHUkVFTi5PUkcxHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMjA3MjMxNTMyMTNaFw0yMDA3MjMxNTMyMTNaMDYxFDASBgNVBAoTC0FUR1JFRU4uT1JHMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY4psF3r3OL0pDf5ubgWlqsrdcU+st3Vw+ivflxV70j4ixsNj50Zmq4hwE5BHhz9cESpOuDziuGFKd29Mn1wp7Av0JJXgOiHDlS9iu4FFtGL7nJqgED99SdISwoXxYgrCXvtRA3hjwFfAOqJt/OJbffc+o3SREJKH6gLeNisoms9LkyMoWw/DQHRkBixexwXSNgVJPcJ818KVXTDFvA4srXf6SM4XUpAgIY0tuZwjEwYgxkqYL6D4FXI/du56Zfc7tcWM4ZsPxP/L//d1ko4/T8JfblFJ4N3R6nbG/zzuMLXChGKkPCUF5BRbWsGhXnkvaXvPOXKOdu5Z0dQs7bAqlAgMBAAGjgaMwgaAwHwYDVR0jBBgwFoAUWZ2ujRkgSEb0LuRba+8LQyNuCtowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0OBBYEFFmdro0ZIEhG9C7kW2vvC0MjbgraMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL2lwYS5hdGdyZWVuLm9yZzo4MC9jYS9vY3NwMA0GCSqGSIb3DQEBCwUAA4IBAQBKuAjHgyWhjlh613D7P57RLmcBaNe6Mm3i7WNeUxUkjj9+gnblp8LK3aQFiBOCviQQG0CVLtzqxAWdMiWkc0JjfFcGIavE3Mi77UMpDmLnmG579BnZAF2ksbOkoYhGWe7MjBN1l16DjkuyOgZGWcZzJYxk+k/Z+8/RwrTlObryUM5E6fRmbn7dpp/9eWNze0J+cKO6jGjcGHl2WUiG1k01SGB/SJ5ZLVwmQizwr4APqXOAqH9N0822DXrTYhImNGR/Bq2zTW0SGWPDqfnsklyHErcE3DPK71f3jBU8FIDHaPsFuCj//h1uljh9yfp/lrfPVRgpMJiSrMZv7AIBU9nQMQA=</pkcs7> > <req/> > <panelname>importadmincert</panelname> ></response> >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/ca/getBySerial?&serialNumber=6&importCert=true >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/x-x509-user-cert >RESPONSE HEADER: Content-Length: 1847 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:32:23 GMT >RESPONSE HEADER: Connection: keep-alive >Cert to Import =MIIHMwYJKoZIhvcNAQcCoIIHJDCCByACAQExADAPBgkqhkiG9w0BBwGgAgQAoIIH >BDCCA3EwggJZoAMCAQICAQYwDQYJKoZIhvcNAQELBQAwNjEUMBIGA1UEChMLQVRH >UkVFTi5PUkcxHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMjA3 >MjMxNTMyMjNaFw0xNDA3MTMxNTMyMjNaMC0xFDASBgNVBAoTC0FUR1JFRU4uT1JH >MRUwEwYDVQQDEwxpcGEtY2EtYWdlbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw >ggEKAoIBAQC4epdo8StamfgTpRvU3h1c0WOmgjZBLL3upN8YbDtXUm6UZlqUpjZB >Q22ywnViJPWiUFVm9hgU+gNci6a785xWwPZkwO+s+fjfikCKn8zFv2+4J3VJOeDw >lNXdzhTPDKyX2cfKIp9j26gcMlBquIEsyG4WOIEcEMT/dLMEKWcHyduS0N6cGH9U >F1Kq6V2SvQEXyK1hGTcuUmmc9SM8L6Zyc/8f6VY5dMTTiSjU77MZBF3PhNejrvqN >6dFbi6JxJcGIY+AvFUoyIab5RFtX3nWNbqLdfKaCd/ix7oJ+hzzFVBLIAJ7IVn/3 >emf/pzyDOiS6hHk66JkiifRNqmKGU9bTAgMBAAGjgZIwgY8wHwYDVR0jBBgwFoAU >WZ2ujRkgSEb0LuRba+8LQyNuCtowPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzAB >hiFodHRwOi8vaXBhLmF0Z3JlZW4ub3JnOjgwL2NhL29jc3AwDgYDVR0PAQH/BAQD >AgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0BAQsF >AAOCAQEAI0cl2IY6gRl6GhWmXAKjwfw7mpv2pWaXB4pl4jrrjJT0cnra5aN7Cb/Z >SvBnsijYZ6gfdqLGDUdRMpuRj1rcJ/ha1HloNV7KTNYsUTgeb0Vw3MufiD9FUu+A >OfvT11oZ98ZxzKg4KIeG02DCieyOGtVrNcgbvb5lS5IBXyeBwdrP/ELw4gqDfyfc >VVCje3MgMObB6BJSh7nZUkDE0nNqHw2afBzCQJ8ZP1XcKMY0eNxaUYv75AaB9juj >hPLndNv1xO7+8A0F+KhV77yYUfGllLnL4RU5cwE1NV0w186975J/DLxTUs7sigpe >MjYMBppTviexPpWP7NzXuvxw1O7I6zCCA4swggJzoAMCAQICAQEwDQYJKoZIhvcN >AQELBQAwNjEUMBIGA1UEChMLQVRHUkVFTi5PUkcxHjAcBgNVBAMTFUNlcnRpZmlj >YXRlIEF1dGhvcml0eTAeFw0xMjA3MjMxNTMyMTNaFw0yMDA3MjMxNTMyMTNaMDYx >FDASBgNVBAoTC0FUR1JFRU4uT1JHMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo >b3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY4psF3r3OL0pD >f5ubgWlqsrdcU+st3Vw+ivflxV70j4ixsNj50Zmq4hwE5BHhz9cESpOuDziuGFKd >29Mn1wp7Av0JJXgOiHDlS9iu4FFtGL7nJqgED99SdISwoXxYgrCXvtRA3hjwFfAO >qJt/OJbffc+o3SREJKH6gLeNisoms9LkyMoWw/DQHRkBixexwXSNgVJPcJ818KVX >TDFvA4srXf6SM4XUpAgIY0tuZwjEwYgxkqYL6D4FXI/du56Zfc7tcWM4ZsPxP/L/ >/d1ko4/T8JfblFJ4N3R6nbG/zzuMLXChGKkPCUF5BRbWsGhXnkvaXvPOXKOdu5Z0 >dQs7bAqlAgMBAAGjgaMwgaAwHwYDVR0jBBgwFoAUWZ2ujRkgSEb0LuRba+8LQyNu >CtowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0OBBYEFFmd >ro0ZIEhG9C7kW2vvC0MjbgraMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYh >aHR0cDovL2lwYS5hdGdyZWVuLm9yZzo4MC9jYS9vY3NwMA0GCSqGSIb3DQEBCwUA >A4IBAQBKuAjHgyWhjlh613D7P57RLmcBaNe6Mm3i7WNeUxUkjj9+gnblp8LK3aQF >iBOCviQQG0CVLtzqxAWdMiWkc0JjfFcGIavE3Mi77UMpDmLnmG579BnZAF2ksbOk >oYhGWe7MjBN1l16DjkuyOgZGWcZzJYxk+k/Z+8/RwrTlObryUM5E6fRmbn7dpp/9 >eWNze0J+cKO6jGjcGHl2WUiG1k01SGB/SJ5ZLVwmQizwr4APqXOAqH9N0822DXrT >YhImNGR/Bq2zTW0SGWPDqfnsklyHErcE3DPK71f3jBU8FIDHaPsFuCj//h1uljh9 >yfp/lrfPVRgpMJiSrMZv7AIBU9nQMQA= >Cert to Import =MIIHMwYJKoZIhvcNAQcCoIIHJDCCByACAQExADAPBgkqhkiG9w0BBwGgAgQAoIIH >BDCCA3EwggJZoAMCAQICAQYwDQYJKoZIhvcNAQELBQAwNjEUMBIGA1UEChMLQVRH >UkVFTi5PUkcxHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMjA3 >MjMxNTMyMjNaFw0xNDA3MTMxNTMyMjNaMC0xFDASBgNVBAoTC0FUR1JFRU4uT1JH >MRUwEwYDVQQDEwxpcGEtY2EtYWdlbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw >ggEKAoIBAQC4epdo8StamfgTpRvU3h1c0WOmgjZBLL3upN8YbDtXUm6UZlqUpjZB >Q22ywnViJPWiUFVm9hgU+gNci6a785xWwPZkwO+s+fjfikCKn8zFv2+4J3VJOeDw >lNXdzhTPDKyX2cfKIp9j26gcMlBquIEsyG4WOIEcEMT/dLMEKWcHyduS0N6cGH9U >F1Kq6V2SvQEXyK1hGTcuUmmc9SM8L6Zyc/8f6VY5dMTTiSjU77MZBF3PhNejrvqN >6dFbi6JxJcGIY+AvFUoyIab5RFtX3nWNbqLdfKaCd/ix7oJ+hzzFVBLIAJ7IVn/3 >emf/pzyDOiS6hHk66JkiifRNqmKGU9bTAgMBAAGjgZIwgY8wHwYDVR0jBBgwFoAU >WZ2ujRkgSEb0LuRba+8LQyNuCtowPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzAB >hiFodHRwOi8vaXBhLmF0Z3JlZW4ub3JnOjgwL2NhL29jc3AwDgYDVR0PAQH/BAQD >AgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0BAQsF >AAOCAQEAI0cl2IY6gRl6GhWmXAKjwfw7mpv2pWaXB4pl4jrrjJT0cnra5aN7Cb/Z >SvBnsijYZ6gfdqLGDUdRMpuRj1rcJ/ha1HloNV7KTNYsUTgeb0Vw3MufiD9FUu+A >OfvT11oZ98ZxzKg4KIeG02DCieyOGtVrNcgbvb5lS5IBXyeBwdrP/ELw4gqDfyfc >VVCje3MgMObB6BJSh7nZUkDE0nNqHw2afBzCQJ8ZP1XcKMY0eNxaUYv75AaB9juj >hPLndNv1xO7+8A0F+KhV77yYUfGllLnL4RU5cwE1NV0w186975J/DLxTUs7sigpe >MjYMBppTviexPpWP7NzXuvxw1O7I6zCCA4swggJzoAMCAQICAQEwDQYJKoZIhvcN >AQELBQAwNjEUMBIGA1UEChMLQVRHUkVFTi5PUkcxHjAcBgNVBAMTFUNlcnRpZmlj >YXRlIEF1dGhvcml0eTAeFw0xMjA3MjMxNTMyMTNaFw0yMDA3MjMxNTMyMTNaMDYx >FDASBgNVBAoTC0FUR1JFRU4uT1JHMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo >b3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY4psF3r3OL0pD >f5ubgWlqsrdcU+st3Vw+ivflxV70j4ixsNj50Zmq4hwE5BHhz9cESpOuDziuGFKd >29Mn1wp7Av0JJXgOiHDlS9iu4FFtGL7nJqgED99SdISwoXxYgrCXvtRA3hjwFfAO >qJt/OJbffc+o3SREJKH6gLeNisoms9LkyMoWw/DQHRkBixexwXSNgVJPcJ818KVX >TDFvA4srXf6SM4XUpAgIY0tuZwjEwYgxkqYL6D4FXI/du56Zfc7tcWM4ZsPxP/L/ >/d1ko4/T8JfblFJ4N3R6nbG/zzuMLXChGKkPCUF5BRbWsGhXnkvaXvPOXKOdu5Z0 >dQs7bAqlAgMBAAGjgaMwgaAwHwYDVR0jBBgwFoAUWZ2ujRkgSEb0LuRba+8LQyNu >CtowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0OBBYEFFmd >ro0ZIEhG9C7kW2vvC0MjbgraMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYh >aHR0cDovL2lwYS5hdGdyZWVuLm9yZzo4MC9jYS9vY3NwMA0GCSqGSIb3DQEBCwUA >A4IBAQBKuAjHgyWhjlh613D7P57RLmcBaNe6Mm3i7WNeUxUkjj9+gnblp8LK3aQF >iBOCviQQG0CVLtzqxAWdMiWkc0JjfFcGIavE3Mi77UMpDmLnmG579BnZAF2ksbOk >oYhGWe7MjBN1l16DjkuyOgZGWcZzJYxk+k/Z+8/RwrTlObryUM5E6fRmbn7dpp/9 >eWNze0J+cKO6jGjcGHl2WUiG1k01SGB/SJ5ZLVwmQizwr4APqXOAqH9N0822DXrT >YhImNGR/Bq2zTW0SGWPDqfnsklyHErcE3DPK71f3jBU8FIDHaPsFuCj//h1uljh9 >yfp/lrfPVRgpMJiSrMZv7AIBU9nQMQA= >CRYPTO INIT WITH CERTDB:/tmp/tmp-CTHPP0 >Crypto manager already initialized >importCert string: importing with nickname: ipa-ca-agent >Already logged into to DB >SUCCESS: imported admin user cert >############################################# >Attempting to connect to: ipa.atgreen.org:9445 >Connected. >Posting Query = https://ipa.atgreen.org:9445//ca/admin/console/config/wizard?p=17&op=next&xml=true&caHost=%2F&caPort=%2F >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Mon, 23 Jul 2012 15:32:25 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <port>443</port> > <panel>admin/console/config/donepanel.vm</panel> > <res/> > <initCommand>/sbin/service pki-cad</initCommand> > <showApplyButton/> > <host>ipa.atgreen.org</host> > <ca>true</ca> > <systemType>ca</systemType> > <caType>sdca</caType> > <instanceId>pki-ca</instanceId> > <updateStatus>success</updateStatus> > <lastpanel/> > <errorString/> > <size>19</size> > <info/> > <title>Done</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <externalCA>true</externalCA> > <p>18</p> > <name>CA Setup Wizard</name> > <req/> > <panelname>done</panelname> > <csstate>1</csstate> ></response> >caHost=ipa.atgreen.org >caPort=443 >systemType=ca >Certificate System - CA Instance Configured. > >####################################################################### > >2012-07-23T15:32:26Z DEBUG stderr= >2012-07-23T15:32:26Z DEBUG completed creating ca instance >2012-07-23T15:32:26Z DEBUG duration: 29 seconds >2012-07-23T15:32:26Z DEBUG [4/18]: disabling nonces >2012-07-23T15:32:26Z DEBUG duration: 0 seconds >2012-07-23T15:32:26Z DEBUG [5/18]: creating CA agent PKCS#12 file in /root >2012-07-23T15:32:26Z DEBUG args=/usr/bin/pk12util -n ipa-ca-agent -o /root/ca-agent.p12 -d /tmp/tmp-CTHPP0 -k /tmp/tmpuO2siW -w /tmp/tmpuO2siW >2012-07-23T15:32:26Z DEBUG stdout=pk12util: PKCS12 EXPORT SUCCESSFUL > >2012-07-23T15:32:26Z DEBUG stderr= >2012-07-23T15:32:26Z DEBUG duration: 0 seconds >2012-07-23T15:32:26Z DEBUG [6/18]: creating RA agent certificate database >2012-07-23T15:32:26Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -N >2012-07-23T15:32:26Z DEBUG stdout= >2012-07-23T15:32:26Z DEBUG stderr= >2012-07-23T15:32:26Z DEBUG duration: 0 seconds >2012-07-23T15:32:26Z DEBUG [7/18]: importing CA chain to RA certificate database >2012-07-23T15:32:26Z DEBUG args=/usr/bin/openssl pkcs7 -inform DER -print_certs >2012-07-23T15:32:26Z DEBUG stdout=subject=/O=ATGREEN.ORG/CN=Certificate Authority >issuer=/O=ATGREEN.ORG/CN=Certificate Authority >-----BEGIN CERTIFICATE----- >MIIDizCCAnOgAwIBAgIBATANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdS >RUVOLk9SRzEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcy >MzE1MzIxM1oXDTIwMDcyMzE1MzIxM1owNjEUMBIGA1UEChMLQVRHUkVFTi5PUkcx >HjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEB >BQADggEPADCCAQoCggEBAJjimwXevc4vSkN/m5uBaWqyt1xT6y3dXD6K9+XFXvSP >iLGw2PnRmariHATkEeHP1wRKk64POK4YUp3b0yfXCnsC/QkleA6IcOVL2K7gUW0Y >vucmqAQP31J0hLChfFiCsJe+1EDeGPAV8A6om384lt99z6jdJEQkofqAt42Kyiaz >0uTIyhbD8NAdGQGLF7HBdI2BUk9wnzXwpVdMMW8Diytd/pIzhdSkCAhjS25nCMTB >iDGSpgvoPgVcj927npl9zu1xYzhmw/E/8v/93WSjj9Pwl9uUUng3dHqdsb/PO4wt >cKEYqQ8JQXkFFtawaFeeS9pe885co527lnR1CztsCqUCAwEAAaOBozCBoDAfBgNV >HSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jAPBgNVHRMBAf8EBTADAQH/MA4G >A1UdDwEB/wQEAwIBxjAdBgNVHQ4EFgQUWZ2ujRkgSEb0LuRba+8LQyNuCtowPQYI >KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vaXBhLmF0Z3JlZW4ub3Jn >OjgwL2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBAEq4CMeDJaGOWHrXcPs/ntEu >ZwFo17oybeLtY15TFSSOP36CduWnwsrdpAWIE4K+JBAbQJUu3OrEBZ0yJaRzQmN8 >VwYhq8TcyLvtQykOYueYbnv0GdkAXaSxs6ShiEZZ7syME3WXXoOOS7I6BkZZxnMl >jGT6T9n7z9HCtOU5uvJQzkTp9GZuft2mn/15Y3N7Qn5wo7qMaNwYeXZZSIbWTTVI >YH9InlktXCZCLPCvgA+pc4Cof03TzbYNetNiEiY0ZH8GrbNNbRIZY8Op+eySXIcS >twTcM8rvV/eMFTwUgMdo+wW4KP/+HW6WOH3J+n+Wt89VGCkwmJKsxm/sAgFT2dA= >-----END CERTIFICATE----- > > >2012-07-23T15:32:26Z DEBUG stderr= >2012-07-23T15:32:26Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -A -t CT,C,C -n ATGREEN.ORG IPA CA -a -i /tmp/tmp6bKTkX >2012-07-23T15:32:26Z DEBUG stdout= >2012-07-23T15:32:26Z DEBUG stderr= >2012-07-23T15:32:26Z DEBUG duration: 0 seconds >2012-07-23T15:32:26Z DEBUG [8/18]: fixing RA database permissions >2012-07-23T15:32:26Z DEBUG duration: 0 seconds >2012-07-23T15:32:26Z DEBUG [9/18]: setting up signing cert profile >2012-07-23T15:32:26Z DEBUG duration: 0 seconds >2012-07-23T15:32:26Z DEBUG [10/18]: set up CRL publishing >2012-07-23T15:32:26Z DEBUG args=/usr/sbin/selinuxenabled >2012-07-23T15:32:26Z DEBUG stdout= >2012-07-23T15:32:26Z DEBUG stderr= >2012-07-23T15:32:26Z DEBUG args=/sbin/restorecon /var/lib/pki-ca/publish >2012-07-23T15:32:26Z DEBUG stdout= >2012-07-23T15:32:26Z DEBUG stderr= >2012-07-23T15:32:26Z DEBUG duration: 0 seconds >2012-07-23T15:32:26Z DEBUG [11/18]: set certificate subject base >2012-07-23T15:32:26Z DEBUG duration: 0 seconds >2012-07-23T15:32:26Z DEBUG [12/18]: enabling Subject Key Identifier >2012-07-23T15:32:26Z DEBUG duration: 0 seconds >2012-07-23T15:32:26Z DEBUG [13/18]: configuring certificate server to start on boot >2012-07-23T15:32:26Z DEBUG args=/sbin/chkconfig pki-cad >2012-07-23T15:32:26Z DEBUG stdout= >2012-07-23T15:32:26Z DEBUG stderr= >2012-07-23T15:32:26Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2012-07-23T15:32:26Z DEBUG duration: 0 seconds >2012-07-23T15:32:26Z DEBUG [14/18]: restarting certificate server >2012-07-23T15:33:00Z DEBUG args=/sbin/service pki-cad restart pki-ca >2012-07-23T15:33:00Z DEBUG stdout=Stopping pki-ca: [60G[[0;32m OK [0;39m] >Starting pki-ca: [60G[[0;32m OK [0;39m] > >2012-07-23T15:33:00Z DEBUG stderr= >2012-07-23T15:33:01Z DEBUG duration: 35 seconds >2012-07-23T15:33:01Z DEBUG [15/18]: requesting RA certificate from CA >2012-07-23T15:33:03Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -R -k rsa -g 2048 -s CN=IPA RA,O=ATGREEN.ORG -z /tmp/tmpB_vCRG -a >2012-07-23T15:33:03Z DEBUG stdout= >Certificate request generated by Netscape certutil >Phone: (not specified) > >Common Name: IPA RA >Email: (not specified) >Organization: ATGREEN.ORG >State: (not specified) >Country: (not specified) > >-----BEGIN NEW CERTIFICATE REQUEST----- >MIICbDCCAVQCAQAwJzEUMBIGA1UEChMLQVRHUkVFTi5PUkcxDzANBgNVBAMTBklQ >QSBSQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN8ZqKc49fNsNx22 >AkxFMwK1hVtUmoy/qtDxOzhvai96KG4iTExGCGQ8PDeUrMZj1hG+LoU+R0t9Snai >Qe67Pygsgrdi27D0CH87hhWCbCVN9E5IRodT42iiZ7qBsnqYXaNyiToN8Ly3d0+J >OqyiDlMGjTKndReQUJ7R3+xWGwjVB/H0JlKzkIGgCcB942BWYJQchAT+5rC6oYv0 >dPq7o3QULjXMpnufh5r7DmbTHV2c+LHby81pYIarUqzn13U4mt1d9+zJjT9LcOx1 >1HGVEMEyMT1rZuhU9qZ6kKal8U+8MP75AHt6UMUR3A5H8jEBbYmg6mbfibuQPquK >n0IOps8CAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAPNYZLHnvA1iPz6sfZ2XVE >A5OaD2p5zII2YeAeYn7pudLI7JFH5wa0YggfSSYbQtXWZvNx2zETwYRmtwAqXrEB >IOHIeA/hc064bxke9srxTfgxhMKDXVaaQknH74kyz1tPk4fZUQ5gj/tl9zfVmf0r >esqNy1/QqlXodklGIWCV84W1cgsWg/uRJlcdNZyiOsXltkLJTYmskaE/r2o9zzzK >qppRI5z5ztWh666K4s49kp5+KANcYiVk4nViFWDx3d0/SMxzNhT+d0uDz7LFeF5y >sxxFxPjmGkutVMA3joFCWmuREjM2A2DTYgyI1iKVYXPQfPWHmDXtCPm+3oEvuu4h >-----END NEW CERTIFICATE REQUEST----- > >2012-07-23T15:33:03Z DEBUG stderr= > >Generating key. This may take a few moments... > > >2012-07-23T15:33:06Z DEBUG duration: 4 seconds >2012-07-23T15:33:06Z DEBUG [16/18]: issuing RA agent certificate >2012-07-23T15:33:06Z DEBUG args=/usr/bin/certutil -d /tmp/tmp-CTHPP0 -f XXXXXXXX -M -t CT,C,C -n Certificate Authority - ATGREEN.ORG >2012-07-23T15:33:06Z DEBUG stdout= >2012-07-23T15:33:06Z DEBUG stderr= >2012-07-23T15:33:06Z DEBUG args=/usr/bin/sslget -v -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-CTHPP0 -r /ca/agent/ca/profileReview?requestId=7 ipa.atgreen.org:9443 >2012-07-23T15:33:06Z DEBUG stdout=HTTP/1.1 200 OK >Server: Apache-Coyote/1.1 >Content-Type: text/html;charset=UTF-8 >Date: Mon, 23 Jul 2012 15:33:06 GMT >Connection: close > ><!-- --- BEGIN COPYRIGHT BLOCK --- > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > --- END COPYRIGHT BLOCK --- --> ><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> ><html> ><script type="text/javascript"> >requestNotes=""; >requestType="enrollment"; >recordSet = new Array; >record = new Object; >record.conDesc="This constraint accepts the subject name that matches .*CN=.*"; >record.policyId="1"; >record.defListSet = new Array; >defList = new Object; >defList.defId="name"; >defList.defConstraint="null"; >defList.defName="Subject Name"; >defList.defSyntax="string"; >defList.defVal="CN=IPA RA,O=ATGREEN.ORG"; >record.defListSet[0] = defList; >record.defDesc="This default populates a User-Supplied Certificate Subject Name to the request."; >recordSet[0] = record; >record = new Object; >record.conDesc="This constraint rejects the validity that is not between 720 days."; >record.policyId="2"; >record.defListSet = new Array; >defList = new Object; >defList.defId="notBefore"; >defList.defConstraint="null"; >defList.defName="Not Before"; >defList.defSyntax="string"; >defList.defVal="2012-07-23 11:33:05"; >record.defListSet[0] = defList; >defList = new Object; >defList.defId="notAfter"; >defList.defConstraint="null"; >defList.defName="Not After"; >defList.defSyntax="string"; >defList.defVal="2014-07-13 11:33:05"; >record.defListSet[1] = defList; >record.defDesc="This default populates a Certificate Validity to the request. The default values are Range=720 in days"; >recordSet[1] = record; >record = new Object; >record.conDesc="This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096"; >record.policyId="3"; >record.defListSet = new Array; >defList = new Object; >defList.defId="TYPE"; >defList.defConstraint="readonly"; >defList.defName="Key Type"; >defList.defSyntax="string"; >defList.defVal="RSA - 1.2.840.113549.1.1.1"; >record.defListSet[0] = defList; >defList = new Object; >defList.defId="LEN"; >defList.defConstraint="readonly"; >defList.defName="Key Length"; >defList.defSyntax="string"; >defList.defVal="2048"; >record.defListSet[1] = defList; >defList = new Object; >defList.defId="KEY"; >defList.defConstraint="readonly"; >defList.defName="Key"; >defList.defSyntax="string"; >defList.defVal="30:82:01:0A:02:82:01:01:00:DF:19:A8:A7:38:F5:F3:\n6C:37:1D:B6:02:4C:45:33:02:B5:85:5B:54:9A:8C:BF:\nAA:D0:F1:3B:38:6F:6A:2F:7A:28:6E:22:4C:4C:46:08:\n64:3C:3C:37:94:AC:C6:63:D6:11:BE:2E:85:3E:47:4B:\n7D:4A:76:A2:41:EE:BB:3F:28:2C:82:B7:62:DB:B0:F4:\n08:7F:3B:86:15:82:6C:25:4D:F4:4E:48:46:87:53:E3:\n68:A2:67:BA:81:B2:7A:98:5D:A3:72:89:3A:0D:F0:BC:\nB7:77:4F:89:3A:AC:A2:0E:53:06:8D:32:A7:75:17:90:\n50:9E:D1:DF:EC:56:1B:08:D5:07:F1:F4:26:52:B3:90:\n81:A0:09:C0:7D:E3:60:56:60:94:1C:84:04:FE:E6:B0:\nBA:A1:8B:F4:74:FA:BB:A3:74:14:2E:35:CC:A6:7B:9F:\n87:9A:FB:0E:66:D3:1D:5D:9C:F8:B1:DB:CB:CD:69:60:\n86:AB:52:AC:E7:D7:75:38:9A:DD:5D:F7:EC:C9:8D:3F:\n4B:70:EC:75:D4:71:95:10:C1:32:31:3D:6B:66:E8:54:\nF6:A6:7A:90:A6:A5:F1:4F:BC:30:FE:F9:00:7B:7A:50:\nC5:11:DC:0E:47:F2:31:01:6D:89:A0:EA:66:DF:89:BB:\n90:3E:AB:8A:9F:42:0E:A6:CF:02:03:01:00:01\n"; >record.defListSet[2] = defList; >record.defDesc="This default populates a User-Supplied Certificate Key to the request."; >recordSet[2] = record; >record = new Object; >record.conDesc="No Constraint"; >record.policyId="4"; >record.defListSet = new Array; >defList = new Object; >defList.defId="critical"; >defList.defConstraint="readonly"; >defList.defName="Criticality"; >defList.defSyntax="string"; >defList.defVal="false"; >record.defListSet[0] = defList; >defList = new Object; >defList.defId="keyid"; >defList.defConstraint="readonly"; >defList.defName="Key ID"; >defList.defSyntax="string"; >defList.defVal="59:9D:AE:8D:19:20:48:46:F4:2E:E4:5B:6B:EF:0B:43:\n23:6E:0A:DA\n"; >record.defListSet[1] = defList; >record.defDesc="This default populates an Authority Key Identifier Extension (2.5.29.35) to the request."; >recordSet[3] = record; >record = new Object; >record.conDesc="No Constraint"; >record.policyId="5"; >record.defListSet = new Array; >defList = new Object; >defList.defId="authInfoAccessCritical"; >defList.defConstraint="null"; >defList.defName="Criticality"; >defList.defSyntax="boolean"; >defList.defVal="false"; >record.defListSet[0] = defList; >defList = new Object; >defList.defId="authInfoAccessGeneralNames"; >defList.defConstraint="null"; >defList.defName="General Names"; >defList.defSyntax="string_list"; >defList.defVal="Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://ipa.atgreen.org:80/ca/ocsp\r\nEnable:true\r\n\r\n"; >record.defListSet[1] = defList; >record.defDesc="This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}"; >recordSet[4] = record; >record = new Object; >record.conDesc="This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false"; >record.policyId="6"; >record.defListSet = new Array; >defList = new Object; >defList.defId="keyUsageCritical"; >defList.defConstraint="null"; >defList.defName="Criticality"; >defList.defSyntax="boolean"; >defList.defVal="true"; >record.defListSet[0] = defList; >defList = new Object; >defList.defId="keyUsageDigitalSignature"; >defList.defConstraint="null"; >defList.defName="Digital Signature"; >defList.defSyntax="boolean"; >defList.defVal="true"; >record.defListSet[1] = defList; >defList = new Object; >defList.defId="keyUsageNonRepudiation"; >defList.defConstraint="null"; >defList.defName="Non-Repudiation"; >defList.defSyntax="boolean"; >defList.defVal="true"; >record.defListSet[2] = defList; >defList = new Object; >defList.defId="keyUsageKeyEncipherment"; >defList.defConstraint="null"; >defList.defName="Key Encipherment"; >defList.defSyntax="boolean"; >defList.defVal="true"; >record.defListSet[3] = defList; >defList = new Object; >defList.defId="keyUsageDataEncipherment"; >defList.defConstraint="null"; >defList.defName="Data Encipherment"; >defList.defSyntax="boolean"; >defList.defVal="true"; >record.defListSet[4] = defList; >defList = new Object; >defList.defId="keyUsageKeyAgreement"; >defList.defConstraint="null"; >defList.defName="Key Agreement"; >defList.defSyntax="boolean"; >defList.defVal="false"; >record.defListSet[5] = defList; >defList = new Object; >defList.defId="keyUsageKeyCertSign"; >defList.defConstraint="null"; >defList.defName="Key CertSign"; >defList.defSyntax="boolean"; >defList.defVal="false"; >record.defListSet[6] = defList; >defList = new Object; >defList.defId="keyUsageCrlSign"; >defList.defConstraint="null"; >defList.defName="CRL Sign"; >defList.defSyntax="boolean"; >defList.defVal="false"; >record.defListSet[7] = defList; >defList = new Object; >defList.defId="keyUsageEncipherOnly"; >defList.defConstraint="null"; >defList.defName="Encipher Only"; >defList.defSyntax="boolean"; >defList.defVal="false"; >record.defListSet[8] = defList; >defList = new Object; >defList.defId="keyUsageDecipherOnly"; >defList.defConstraint="null"; >defList.defName="Decipher Only"; >defList.defSyntax="boolean"; >defList.defVal="false"; >record.defListSet[9] = defList; >record.defDesc="This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false"; >recordSet[5] = record; >record = new Object; >record.conDesc="No Constraint"; >record.policyId="7"; >record.defListSet = new Array; >defList = new Object; >defList.defId="exKeyUsageCritical"; >defList.defConstraint="null"; >defList.defName="Criticality"; >defList.defSyntax="boolean"; >defList.defVal="false"; >record.defListSet[0] = defList; >defList = new Object; >defList.defId="exKeyUsageOIDs"; >defList.defConstraint="null"; >defList.defName="Comma-Separated list of Object Identifiers"; >defList.defSyntax="string_list"; >defList.defVal="1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2"; >record.defListSet[1] = defList; >record.defDesc="This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2"; >recordSet[6] = record; >record = new Object; >record.conDesc="This constraint accepts only the Signing Algorithms of SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"; >record.policyId="8"; >record.defListSet = new Array; >defList = new Object; >defList.defId="signingAlg"; >defList.defConstraint="SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"; >defList.defName="Signing Algorithm"; >defList.defSyntax="choice"; >defList.defVal="SHA256withRSA"; >record.defListSet[0] = defList; >record.defDesc="This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA"; >recordSet[7] = record; >profileDesc="This certificate profile is for enrolling server certificates."; >inputListSet = new Array; >inputList = new Object; >inputList.inputId="cert_request_type"; >inputList.inputName="Certificate Request Type"; >inputList.inputVal="pkcs10"; >inputList.inputSyntax="cert_request_type"; >inputList.inputConstraint="null"; >inputListSet[0] = inputList; >inputList = new Object; >inputList.inputId="cert_request"; >inputList.inputName="Certificate Request"; >inputList.inputVal="MIICbDCCAVQCAQAwJzEUMBIGA1UEChMLQVRHUkVFTi5PUkcxDzANBgNVBAMTBklQ\r\nQSBSQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN8ZqKc49fNsNx22\r\nAkxFMwK1hVtUmoy/qtDxOzhvai96KG4iTExGCGQ8PDeUrMZj1hG+LoU+R0t9Snai\r\nQe67Pygsgrdi27D0CH87hhWCbCVN9E5IRodT42iiZ7qBsnqYXaNyiToN8Ly3d0+J\r\nOqyiDlMGjTKndReQUJ7R3+xWGwjVB/H0JlKzkIGgCcB942BWYJQchAT+5rC6oYv0\r\ndPq7o3QULjXMpnufh5r7DmbTHV2c+LHby81pYIarUqzn13U4mt1d9+zJjT9LcOx1\r\n1HGVEMEyMT1rZuhU9qZ6kKal8U+8MP75AHt6UMUR3A5H8jEBbYmg6mbfibuQPquK\r\nn0IOps8CAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAPNYZLHnvA1iPz6sfZ2XVE\r\nA5OaD2p5zII2YeAeYn7pudLI7JFH5wa0YggfSSYbQtXWZvNx2zETwYRmtwAqXrEB\r\nIOHIeA/hc064bxke9srxTfgxhMKDXVaaQknH74kyz1tPk4fZUQ5gj/tl9zfVmf0r\r\nesqNy1/QqlXodklGIWCV84W1cgsWg/uRJlcdNZyiOsXltkLJTYmskaE/r2o9zzzK\r\nqppRI5z5ztWh666K4s49kp5+KANcYiVk4nViFWDx3d0/SMxzNhT+d0uDz7LFeF5y\r\nsxxFxPjmGkutVMA3joFCWmuREjM2A2DTYgyI1iKVYXPQfPWHmDXtCPm+3oEvuu4h\n"; >inputList.inputSyntax="cert_request"; >inputList.inputConstraint="null"; >inputListSet[1] = inputList; >inputList = new Object; >inputList.inputId="requestor_name"; >inputList.inputName="Requestor Name"; >inputList.inputVal="IPA Installer"; >inputList.inputSyntax="string"; >inputList.inputConstraint="null"; >inputListSet[2] = inputList; >inputList = new Object; >inputList.inputId="requestor_email"; >inputList.inputName="Requestor Email"; >inputList.inputVal="null"; >inputList.inputSyntax="string"; >inputList.inputConstraint="null"; >inputListSet[3] = inputList; >inputList = new Object; >inputList.inputId="requestor_phone"; >inputList.inputName="Requestor Phone"; >inputList.inputVal="null"; >inputList.inputSyntax="string"; >inputList.inputConstraint="null"; >inputListSet[4] = inputList; >errorCode="0"; >requestModificationTime="Mon Jul 23 11:33:06 EDT 2012"; >profileRemoteAddr="10.0.0.99"; >profileName="Manual Server Certificate Enrollment"; >profileApprovedBy="admin"; >requestOwner=""; >profileId="caServerCert"; >profileRemoteHost="10.0.0.99"; >profileIsVisible="true"; >requestId="7"; >errorReason=""; >requestStatus="pending"; >requestCreationTime="Mon Jul 23 11:33:05 EDT 2012"; >outputListSet = new Array; >outputList = new Object; >outputList.outputId="pretty_cert"; >outputList.outputSyntax="pretty_print"; >outputList.outputVal="null"; >outputList.outputName="Certificate Pretty Print"; >outputList.outputConstraint="null"; >outputListSet[0] = outputList; >outputList = new Object; >outputList.outputId="b64_cert"; >outputList.outputSyntax="pretty_print"; >outputList.outputVal="null"; >outputList.outputName="Certificate Base-64 Encoded"; >outputList.outputConstraint="null"; >outputListSet[1] = outputList; >profileSetId="serverCertSet"; ></script> ><style> >TABLE { border-spacing: 0 0; } ></style> > ><script type="text/javascript"> >function escapeValue(value) >{ > return value.replace(/"/g,'"'); >} > >function addEscapes(str) >{ > var outStr = str.replace(/</g, "<"); > outStr = outStr.replace(/>/g, ">"); > return outStr; >} > >document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request '); >document.writeln(requestId); >document.writeln('<br></font>'); ></script> ><font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font> ><table border="0" cellspacing="0" cellpadding="0" background="/ca/agent/graphics/hr.gif" >width="100%"> > <tr> > <td> </td> > </tr> ></table> ><p> ><script type="text/javascript"> >if (requestStatus == 'pending') { > document.writeln('<form method=post action="profileProcess">'); > document.writeln('<input type=hidden name=requestId value=' + requestId + '>'); >} >document.writeln('<p>'); >document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Request Information</FONT></TD></TR></TABLE>'); >document.writeln('<table border=1 width=100%>'); >document.writeln('<tr>'); >document.writeln('<td width=20%>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Request ID:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(requestId); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >document.writeln('<tr>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Request Type:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(requestType); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >document.writeln('<tr>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Request Status:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(requestStatus); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >document.writeln('<tr>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Requestor Host:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(profileRemoteHost); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >document.writeln('<tr>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Assigned To:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(requestOwner); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >document.writeln('<tr>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Creation Time:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(requestCreationTime); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >document.writeln('<tr>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Modification Time:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(requestModificationTime); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >document.writeln('</table>'); >document.writeln('<p>'); >document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Information</FONT></TD></TR></TABLE>'); >document.writeln('<table border=1 width=100%>'); >document.writeln('<tr>'); >document.writeln('<td width=20%>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Certificate Profile Id:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(profileId); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >document.writeln('<tr>'); >document.writeln('<td width=20%>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Approved By:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(profileApprovedBy); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >document.writeln('<tr>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Certificate Profile Name:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(profileName); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >document.writeln('<tr>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Certificate Profile Description:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(profileDesc); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >document.writeln('</table>'); >document.writeln('<p>'); >if (requestStatus != 'pending') { > document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>'); > document.writeln('<table width=100% border=1>'); > document.writeln('<tr>'); > document.writeln('<td>'); > document.writeln(requestNotes); > document.writeln('</td>'); > document.writeln('</tr>'); > document.writeln('</table>'); > document.writeln('<p>'); >} >if (profileIsVisible == 'true') { >document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Inputs</FONT></TD></TR></TABLE>'); >document.writeln('<table border=1 width=100%>'); >document.writeln('<tr>'); >document.writeln('<td width=20%>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Id</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td width=40%>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Input Names</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Input Values</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >for (var i = 0; i < inputListSet.length; i++) { > document.writeln('<tr>'); > document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); > document.writeln(inputListSet[i].inputId); >document.writeln('</FONT>'); > document.writeln('</td>'); > document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); > document.writeln(inputListSet[i].inputName); >document.writeln('</FONT>'); > document.writeln('</td>'); > document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); > document.writeln(addEscapes(inputListSet[i].inputVal)); >document.writeln('</FONT>'); > document.writeln('</td>'); > document.writeln('</tr>'); >} >document.writeln('</table>'); >document.writeln('<p>'); >} >if (requestStatus == 'complete') { >document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Outputs</FONT></TD></TR></TABLE>'); >for (var i = 0; i < outputListSet.length; i++) { > document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">' >); > document.writeln('<li>'); > document.writeln(outputListSet[i].outputName); > document.writeln('</FONT>'); > document.writeln('<p>'); > if (outputListSet[i].outputSyntax == 'string') { > document.writeln(outputListSet[i].outputVal); > } else if (outputListSet[i].outputSyntax == 'pretty_print') { > document.writeln('<pre>'); > document.writeln(outputListSet[i].outputVal); > document.writeln('</pre>'); > } else if (outputListSet[i].outputSyntax == 'der_b64') { > document.writeln('<pre>'); > document.writeln('-----BEGIN CERTIFICATE-----'); > document.writeln(outputListSet[i].outputVal); > document.writeln('-----END CERTIFICATE-----'); > document.writeln('</pre>'); > } > document.writeln('</p>'); >} >} >if (requestStatus == 'pending') { >document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Policy Information</FONT></TD></TR></TABLE>'); >document.writeln('<table>'); >document.writeln('<tr>'); >document.writeln('<td width=20%>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Certificate Profile Set Id:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(profileSetId); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >document.writeln('</table>'); >document.writeln('<table border=1 width=100%>'); >document.writeln('<tr>'); >document.writeln('<td width=10%>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>#</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td width=45%>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Extensions / Fields</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td width=45%>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Constraints</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >for (var i = 0; i < recordSet.length; i++) { > document.writeln('<tr valign=top>'); > document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); > document.writeln(recordSet[i].policyId); >document.writeln('</FONT>'); > document.writeln('</td>'); > document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); > document.writeln(recordSet[i].defDesc); >document.writeln('</FONT>'); > document.writeln('<p>'); > document.writeln('<table width=100%>'); > for (var j = 0; j < recordSet[i].defListSet.length; j++) { > document.writeln('<tr valign=top>'); > if (typeof(recordSet[i].defListSet[j].defName) != 'undefined') { > document.writeln('<td width=30%><i>'); > document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); > document.writeln(recordSet[i].defListSet[j].defName + ':'); > document.writeln('</FONT>'); > document.writeln('</i></td>'); > document.writeln('<td width=70%>'); > if (recordSet[i].defListSet[j].defConstraint == 'readonly') { > document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); > document.writeln(recordSet[i].defListSet[j].defVal); > document.writeln('</FONT>'); > } else { > if (recordSet[i].defListSet[j].defSyntax == 'string') { > document.writeln('<input size=32 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + escapeValue(recordSet[i].defListSet[j].defVal) + '">'); > } else if (recordSet[i].defListSet[j].defSyntax == 'string_list') { > document.writeln('<textarea cols=40 rows=5 name="' + recordSet[i].defListSet[j].defId + '">' + recordSet[i].defListSet[j].defVal + '</textarea>'); > } else if (recordSet[i].defListSet[j].defSyntax == 'integer') { > document.writeln('<input size=6 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">'); > } else if (recordSet[i].defListSet[j].defSyntax == 'image_url') { > document.writeln('<img border=0 src="' + recordSet[i].defListSet[j].defVal + '">'); > document.writeln('<input type=hidden name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">'); > } else if (recordSet[i].defListSet[j].defSyntax == 'choice') { > document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">'); > var c = recordSet[i].defListSet[j].defConstraint.split(','); > for(var k = 0; k < c.length; k++) { > if (recordSet[i].defListSet[j].defVal == c[k]) { > document.writeln('<option selected value=' + c[k] + '>'); > } else { > document.writeln('<option value=' + c[k] + '>'); > } > document.writeln(c[k]); > document.writeln('</option>'); > } > > document.writeln('</select>'); > } else if (recordSet[i].defListSet[j].defSyntax == 'boolean') { > document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">'); > if (recordSet[i].defListSet[j].defVal == 'true') { > document.writeln('<option selected value=true>true</option>'); > document.writeln('<option value=false>false</option>'); > } else { > document.writeln('<option value=true>true</option>'); > document.writeln('<option selected value=false>false</option>'); > } > document.writeln('</select>'); > } > } > document.writeln('</td>'); > } > document.writeln('</tr>'); > } > document.writeln('</table>'); > document.writeln('</td>'); > document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); > document.writeln(recordSet[i].conDesc); >document.writeln('</FONT>'); > document.writeln('</td>'); > document.writeln('</tr>'); >} // for >document.writeln('</table>'); >document.writeln('<p>'); >document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>'); >document.writeln('<textarea cols=40 rows=5 name="requestNotes">' + requestNotes + '</textarea>'); >document.writeln('<p>'); > document.writeln('<SELECT NAME="op">'); > document.writeln('<OPTION VALUE="update">Update request</OPTION>'); > document.writeln('<OPTION VALUE="validate">Validate request</OPTION>'); > document.writeln('<OPTION SELECTED VALUE="approve">Approve request</OPTION>'); > document.writeln('<OPTION VALUE="reject">Reject request</OPTION>'); > document.writeln('<OPTION VALUE="cancel">Cancel request</OPTION>'); > document.writeln('<OPTION VALUE="assign">Assign request</OPTION>'); > document.writeln('<OPTION VALUE="unassign">Unassign request</OPTION>'); > document.writeln('</SELECT>'); >if (typeof(nonce) != "undefined") { > document.writeln("<INPUT TYPE=hidden name=nonce value=\"" + nonce +"\">"); >} >document.writeln('<input type=submit name=submit value=submit>'); >document.writeln('</form>'); >} // if ></script> ></html> > >Subject: CN=ipa.atgreen.org,O=ATGREEN.ORG >Issuer : CN=Certificate Authority,O=ATGREEN.ORG >bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1 > >2012-07-23T15:33:06Z DEBUG stderr=GET /ca/agent/ca/profileReview?requestId=7 HTTP/1.0 > >port: 9443 >addr='ipa.atgreen.org' >family='2' >-- SSL3: Server Certificate Validated. >Called mygetclientauthdata - nickname = ipa-ca-agent > mygetclientauthdata - cert = 15ca2a0 > mygetclientauthdata - privkey = 160e520 >PR_Write wrote 55 bytes from bigBuf >bytes: [GET /ca/agent/ca/profileReview?requestId=7 HTTP/1.0 > >] >do_writes shutting down send socket >do_writes exiting with (failure = 0) >connection 1 read 9000 bytes (9000 total). >these bytes read: >connection 1 read 9000 bytes (18000 total). >these bytes read: >connection 1 read 9000 bytes (27000 total). >these bytes read: >connection 1 read 3338 bytes (30338 total). >these bytes read: >connection 1 read 30338 bytes total. ----------------------------- > >2012-07-23T15:33:06Z DEBUG args=/usr/bin/sslget -v -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-CTHPP0 -e exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true¬Before=2012-07-23+11%3A33%3A05&keyUsageCritical=true&submit=submit¬After=2014-07-13+11%3A33%3A05&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fipa.atgreen.org%3A80%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DATGREEN.ORG&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approve -r /ca/agent/ca/profileProcess ipa.atgreen.org:9443 >2012-07-23T15:33:06Z DEBUG stdout=HTTP/1.1 200 OK >Server: Apache-Coyote/1.1 >Content-Type: text/html;charset=UTF-8 >Date: Mon, 23 Jul 2012 15:33:06 GMT >Connection: close > ><!-- --- BEGIN COPYRIGHT BLOCK --- > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > --- END COPYRIGHT BLOCK --- --> ><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> ><html> ><script type="text/javascript"> >outputListSet = new Array; >outputList = new Object; >outputList.outputId="pretty_cert"; >outputList.outputSyntax="pretty_print"; >outputList.outputVal=" Certificate: \n Data: \n Version: v3\n Serial Number: 0x7\n Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n Issuer: CN=Certificate Authority,O=ATGREEN.ORG\n Validity: \n Not Before: Monday, July 23, 2012 11:33:05 AM EDT America/Toronto\n Not After: Sunday, July 13, 2014 11:33:05 AM EDT America/Toronto\n Subject: CN=IPA RA,O=ATGREEN.ORG\n Subject Public Key Info: \n Algorithm: RSA - 1.2.840.113549.1.1.1\n Public Key: \n Exponent: 65537\n Public Key Modulus: (2048 bits) :\n DF:19:A8:A7:38:F5:F3:6C:37:1D:B6:02:4C:45:33:02:\n B5:85:5B:54:9A:8C:BF:AA:D0:F1:3B:38:6F:6A:2F:7A:\n 28:6E:22:4C:4C:46:08:64:3C:3C:37:94:AC:C6:63:D6:\n 11:BE:2E:85:3E:47:4B:7D:4A:76:A2:41:EE:BB:3F:28:\n 2C:82:B7:62:DB:B0:F4:08:7F:3B:86:15:82:6C:25:4D:\n F4:4E:48:46:87:53:E3:68:A2:67:BA:81:B2:7A:98:5D:\n A3:72:89:3A:0D:F0:BC:B7:77:4F:89:3A:AC:A2:0E:53:\n 06:8D:32:A7:75:17:90:50:9E:D1:DF:EC:56:1B:08:D5:\n 07:F1:F4:26:52:B3:90:81:A0:09:C0:7D:E3:60:56:60:\n 94:1C:84:04:FE:E6:B0:BA:A1:8B:F4:74:FA:BB:A3:74:\n 14:2E:35:CC:A6:7B:9F:87:9A:FB:0E:66:D3:1D:5D:9C:\n F8:B1:DB:CB:CD:69:60:86:AB:52:AC:E7:D7:75:38:9A:\n DD:5D:F7:EC:C9:8D:3F:4B:70:EC:75:D4:71:95:10:C1:\n 32:31:3D:6B:66:E8:54:F6:A6:7A:90:A6:A5:F1:4F:BC:\n 30:FE:F9:00:7B:7A:50:C5:11:DC:0E:47:F2:31:01:6D:\n 89:A0:EA:66:DF:89:BB:90:3E:AB:8A:9F:42:0E:A6:CF\n Extensions: \n Identifier: Authority Key Identifier - 2.5.29.35\n Critical: no \n Key Identifier: \n 59:9D:AE:8D:19:20:48:46:F4:2E:E4:5B:6B:EF:0B:43:\n 23:6E:0A:DA\n Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1\n Critical: no \n Access Description: \n Method #0: ocsp\n Location #0: URIName: http://ipa.atgreen.org:80/ca/ocsp\n Identifier: Key Usage: - 2.5.29.15\n Critical: yes \n Key Usage: \n Digital Signature \n Non Repudiation \n Key Encipherment \n Data Encipherment \n Identifier: Extended Key Usage: - 2.5.29.37\n Critical: no \n Extended Key Usage: \n 1.3.6.1.5.5.7.3.1\n 1.3.6.1.5.5.7.3.2\n Signature: \n Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n Signature: \n 87:6F:34:2D:F4:E7:66:B3:AD:C2:A6:A9:82:AB:23:3F:\n F0:B2:38:68:3F:05:7D:05:65:29:91:A1:2A:71:0B:1A:\n 66:42:70:9E:5C:68:FB:AE:DA:58:EC:52:52:AE:AA:25:\n C6:1B:57:3F:FC:94:FB:EB:AC:E3:7A:F3:2C:55:0B:80:\n 03:AE:79:06:12:8E:23:74:0A:73:CB:E3:31:F9:F5:AE:\n 05:A2:30:24:62:74:3D:5F:99:22:41:FC:E8:1E:17:66:\n 9D:5C:80:BD:A6:E4:83:0E:14:3D:BF:FA:34:B2:72:35:\n 03:B0:77:D0:FF:18:D0:61:25:AA:96:9F:B3:7C:28:56:\n 5D:8D:6E:EC:96:95:CA:22:C9:CF:94:17:4A:15:AB:79:\n 55:D5:40:8B:FA:B8:E2:5B:ED:C8:98:96:6D:2F:FF:BE:\n FF:0B:DD:E7:E4:5F:02:CB:41:28:1B:A4:B3:B9:66:EB:\n E6:36:31:95:D3:92:56:15:ED:D8:50:D3:B8:BC:E2:01:\n A4:F1:99:7C:98:0A:2A:D7:72:71:4C:71:84:48:67:9D:\n C5:D3:F5:D5:C1:71:E3:5A:D7:AA:93:A8:8C:8E:B4:4E:\n 0A:84:45:EC:30:52:78:23:06:3E:01:B8:18:F1:E3:BC:\n D5:87:42:06:23:DA:23:AA:57:D9:C4:68:CF:D7:25:D3\n FingerPrint\n MD2:\n DA:61:7F:A0:5C:B8:01:1A:1C:A3:52:C3:C3:E4:3B:1E\n MD5:\n 1C:79:27:3D:94:29:8E:EC:31:B7:17:87:E4:52:2C:08\n SHA1:\n B3:0A:B4:04:BB:67:27:8B:98:33:97:3C:B0:EB:9E:AE:\n BC:64:3A:67\n SHA256:\n 35:BE:BA:07:2F:83:86:AE:F7:BA:02:BB:29:28:3D:E0:\n 77:15:1C:F9:4A:FF:EC:E8:68:1C:48:4D:99:B2:90:AF\n SHA512:\n 48:15:15:0C:33:CF:B3:03:FA:C2:9B:F5:95:BD:A3:B0:\n 08:0B:EC:DD:13:2D:C3:00:38:D2:FB:82:AE:2A:38:59:\n F2:2A:02:40:D2:60:FD:22:25:77:94:FB:89:1A:9F:31:\n 1B:6B:AC:29:55:82:CC:7A:CE:3C:83:D2:50:02:59:95\n"; >outputList.outputName="Certificate Pretty Print"; >outputList.outputConstraint="null"; >outputListSet[0] = outputList; >outputList = new Object; >outputList.outputId="b64_cert"; >outputList.outputSyntax="pretty_print"; >outputList.outputVal="-----BEGIN CERTIFICATE-----\nMIIDazCCAlOgAwIBAgIBBzANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdS\r\nRUVOLk9SRzEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcy\r\nMzE1MzMwNVoXDTE0MDcxMzE1MzMwNVowJzEUMBIGA1UEChMLQVRHUkVFTi5PUkcx\r\nDzANBgNVBAMTBklQQSBSQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\r\nAN8ZqKc49fNsNx22AkxFMwK1hVtUmoy/qtDxOzhvai96KG4iTExGCGQ8PDeUrMZj\r\n1hG+LoU+R0t9SnaiQe67Pygsgrdi27D0CH87hhWCbCVN9E5IRodT42iiZ7qBsnqY\r\nXaNyiToN8Ly3d0+JOqyiDlMGjTKndReQUJ7R3+xWGwjVB/H0JlKzkIGgCcB942BW\r\nYJQchAT+5rC6oYv0dPq7o3QULjXMpnufh5r7DmbTHV2c+LHby81pYIarUqzn13U4\r\nmt1d9+zJjT9LcOx11HGVEMEyMT1rZuhU9qZ6kKal8U+8MP75AHt6UMUR3A5H8jEB\r\nbYmg6mbfibuQPquKn0IOps8CAwEAAaOBkjCBjzAfBgNVHSMEGDAWgBRZna6NGSBI\r\nRvQu5Ftr7wtDI24K2jA9BggrBgEFBQcBAQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6\r\nLy9pcGEuYXRncmVlbi5vcmc6ODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYD\r\nVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQCH\r\nbzQt9Odms63CpqmCqyM/8LI4aD8FfQVlKZGhKnELGmZCcJ5caPuu2ljsUlKuqiXG\r\nG1c//JT766zjevMsVQuAA655BhKOI3QKc8vjMfn1rgWiMCRidD1fmSJB/OgeF2ad\r\nXIC9puSDDhQ9v/o0snI1A7B30P8Y0GElqpafs3woVl2NbuyWlcoiyc+UF0oVq3lV\r\n1UCL+rjiW+3ImJZtL/++/wvd5+RfAstBKBuks7lm6+Y2MZXTklYV7dhQ07i84gGk\r\n8Zl8mAoq13JxTHGESGedxdP11cFx41rXqpOojI60TgqERewwUngjBj4BuBjx47zV\r\nh0IGI9ojqlfZxGjP1yXT\n-----END CERTIFICATE-----\n"; >outputList.outputName="Certificate Base-64 Encoded"; >outputList.outputConstraint="null"; >outputListSet[1] = outputList; >errorReason=""; >requestType="enrollment"; >profileId="caServerCert"; >requestId="7"; >errorCode="0"; >requestStatus="complete"; >op="approve"; ></script> > ><script type="text/javascript"> >function addEscapes(str) >{ > var outStr = str.replace(/</g, "<"); > outStr = outStr.replace(/>/g, ">"); > return outStr; >} > >document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request '); >if (typeof(requestId) != "undefined") { > document.writeln(requestId); >} >document.writeln('<br></font>'); ></script> ><font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font> ><table border="0" cellspacing="0" cellpadding="0" background="/ca/agent/graphics/hr.gif" width="100%"> > <tr> > <td> </td> > </tr> ></table> ><p> > ><script type="text/javascript"> >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Request Information:</b>'); >document.writeln('</FONT>'); >document.writeln('<table border=1 width=100%>'); >if (typeof(requestId) != "undefined") { >document.writeln('<tr>'); >document.writeln('<td width=30%>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Request ID:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<a href="profileReview?requestId=' + requestId + '">'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(requestId); >document.writeln('</FONT>'); >document.writeln('</a>'); >document.writeln('</td>'); >document.writeln('</tr>'); >} >if (typeof(requestType) != "undefined") { >document.writeln('<tr>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Request Type:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(requestType); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >} >if (typeof(requestStatus) != "undefined") { >document.writeln('<tr>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Request Status:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(requestStatus); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >} >if (typeof(profileId) != "undefined") { >document.writeln('<tr>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Certificate Profile Id:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(profileId); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >} >if (typeof(op) != "undefined") { >document.writeln('<tr>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Operation Requested:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(op); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >} >if (typeof(errorCode) != "undefined") { >document.writeln('<tr>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Error Code:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(errorCode); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >} >if (typeof(errorReason) != "undefined") { >document.writeln('<tr>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln('<b>Error Reason:</b>'); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('<td>'); >document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'); >document.writeln(errorReason); >document.writeln('</FONT>'); >document.writeln('</td>'); >document.writeln('</tr>'); >} >document.writeln('</table>'); >document.writeln('<p>'); >document.writeln('</table>'); >if (typeof(requestStatus) != "undefined" && requestStatus == 'complete') { > document.writeln('<table width=100%>'); >for (var i = 0; i < outputListSet.length; i++) { > document.writeln('<tr valign=top>'); > document.writeln('<td>'); > document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">' >); > document.writeln('<li>'); > document.writeln(outputListSet[i].outputName); > document.writeln('</FONT>'); > document.writeln('</td>'); > document.writeln('<tr valign=top>'); > document.writeln('</tr>'); > document.writeln('<td>'); > if (outputListSet[i].outputSyntax == 'string') { > document.writeln(addEscapes(outputListSet[i].outputVal)); > } else if (outputListSet[i].outputSyntax == 'pretty_print') { > document.writeln('<pre>'); > document.writeln(addEscapes(outputListSet[i].outputVal)); > document.writeln('</pre>'); > } > document.writeln('</td>'); > document.writeln('</tr>'); >} > document.writeln('</table>'); >} ></script> ></html> > >Subject: CN=ipa.atgreen.org,O=ATGREEN.ORG >Issuer : CN=Certificate Authority,O=ATGREEN.ORG >bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1 > >2012-07-23T15:33:06Z DEBUG stderr=POST /ca/agent/ca/profileProcess HTTP/1.0 >Content-Length: 746 >Content-Type: application/x-www-form-urlencoded > >exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true¬Before=2012-07-23+11%3A33%3A05&keyUsageCritical=true&submit=submit¬After=2014-07-13+11%3A33%3A05&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fipa.atgreen.org%3A80%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DATGREEN.ORG&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approveport: 9443 >addr='ipa.atgreen.org' >family='2' >-- SSL3: Server Certificate Validated. >Called mygetclientauthdata - nickname = ipa-ca-agent > mygetclientauthdata - cert = 25f45d0 > mygetclientauthdata - privkey = 2638850 >PR_Write wrote 861 bytes from bigBuf >bytes: [POST /ca/agent/ca/profileProcess HTTP/1.0 >Content-Length: 746 >Content-Type: application/x-www-form-urlencoded > >exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true¬Before=2012-07-23+11%3A33%3A05&keyUsageCritical=true&submit=submit¬After=2014-07-13+11%3A33%3A05&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fipa.atgreen.org%3A80%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DATGREEN.ORG&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approve] >do_writes shutting down send socket >do_writes exiting with (failure = 0) >connection 1 read 9000 bytes (9000 total). >these bytes read: >connection 1 read 4554 bytes (13554 total). >these bytes read: >connection 1 read 13554 bytes total. ----------------------------- > >2012-07-23T15:33:06Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -A -t u,u,u -n ipaCert -a -i /tmp/tmpnSMFkD >2012-07-23T15:33:06Z DEBUG stdout= >2012-07-23T15:33:06Z DEBUG stderr= >2012-07-23T15:33:06Z DEBUG duration: 0 seconds >2012-07-23T15:33:06Z DEBUG [17/18]: adding RA agent as a trusted user >2012-07-23T15:33:07Z DEBUG duration: 0 seconds >2012-07-23T15:33:07Z DEBUG [18/18]: Configure HTTP to proxy connections >2012-07-23T15:33:07Z DEBUG duration: 0 seconds >2012-07-23T15:33:07Z DEBUG done configuring pki-cad. >2012-07-23T15:33:07Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -L -n ATGREEN.ORG IPA CA -a >2012-07-23T15:33:07Z DEBUG stdout=-----BEGIN CERTIFICATE----- >MIIDizCCAnOgAwIBAgIBATANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdS >RUVOLk9SRzEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcy >MzE1MzIxM1oXDTIwMDcyMzE1MzIxM1owNjEUMBIGA1UEChMLQVRHUkVFTi5PUkcx >HjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEB >BQADggEPADCCAQoCggEBAJjimwXevc4vSkN/m5uBaWqyt1xT6y3dXD6K9+XFXvSP >iLGw2PnRmariHATkEeHP1wRKk64POK4YUp3b0yfXCnsC/QkleA6IcOVL2K7gUW0Y >vucmqAQP31J0hLChfFiCsJe+1EDeGPAV8A6om384lt99z6jdJEQkofqAt42Kyiaz >0uTIyhbD8NAdGQGLF7HBdI2BUk9wnzXwpVdMMW8Diytd/pIzhdSkCAhjS25nCMTB >iDGSpgvoPgVcj927npl9zu1xYzhmw/E/8v/93WSjj9Pwl9uUUng3dHqdsb/PO4wt >cKEYqQ8JQXkFFtawaFeeS9pe885co527lnR1CztsCqUCAwEAAaOBozCBoDAfBgNV >HSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jAPBgNVHRMBAf8EBTADAQH/MA4G >A1UdDwEB/wQEAwIBxjAdBgNVHQ4EFgQUWZ2ujRkgSEb0LuRba+8LQyNuCtowPQYI >KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vaXBhLmF0Z3JlZW4ub3Jn >OjgwL2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBAEq4CMeDJaGOWHrXcPs/ntEu >ZwFo17oybeLtY15TFSSOP36CduWnwsrdpAWIE4K+JBAbQJUu3OrEBZ0yJaRzQmN8 >VwYhq8TcyLvtQykOYueYbnv0GdkAXaSxs6ShiEZZ7syME3WXXoOOS7I6BkZZxnMl >jGT6T9n7z9HCtOU5uvJQzkTp9GZuft2mn/15Y3N7Qn5wo7qMaNwYeXZZSIbWTTVI >YH9InlktXCZCLPCvgA+pc4Cof03TzbYNetNiEiY0ZH8GrbNNbRIZY8Op+eySXIcS >twTcM8rvV/eMFTwUgMdo+wW4KP/+HW6WOH3J+n+Wt89VGCkwmJKsxm/sAgFT2dA= >-----END CERTIFICATE----- > >2012-07-23T15:33:07Z DEBUG stderr= >2012-07-23T15:33:07Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2012-07-23T15:33:07Z DEBUG Configuring directory server: Estimated time 1 minute >2012-07-23T15:33:07Z DEBUG [1/35]: creating directory server user >2012-07-23T15:33:07Z DEBUG adding ds user dirsrv >2012-07-23T15:33:07Z DEBUG args=/usr/sbin/useradd -g dirsrv -c DS System User -d /var/lib/dirsrv -s /sbin/nologin -M -r dirsrv >2012-07-23T15:33:07Z DEBUG stdout= >2012-07-23T15:33:07Z DEBUG stderr= >2012-07-23T15:33:07Z DEBUG done adding user >2012-07-23T15:33:07Z DEBUG duration: 0 seconds >2012-07-23T15:33:07Z DEBUG [2/35]: creating directory server instance >2012-07-23T15:33:07Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2012-07-23T15:33:07Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' >2012-07-23T15:33:07Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2012-07-23T15:33:07Z DEBUG >dn: dc=atgreen,dc=org >objectClass: top >objectClass: domain >objectClass: pilotObject >dc: atgreen >info: IPA V2.0 > >2012-07-23T15:33:07Z DEBUG writing inf template >2012-07-23T15:33:07Z DEBUG >[General] >FullMachineName= ipa.atgreen.org >SuiteSpotUserID= dirsrv >SuiteSpotGroup= dirsrv >ServerRoot= /usr/lib64/dirsrv >[slapd] >ServerPort= 389 >ServerIdentifier= ATGREEN-ORG >Suffix= dc=atgreen,dc=org >RootDN= cn=Directory Manager >InstallLdifFile= /var/lib/dirsrv/boot.ldif >inst_dir= /var/lib/dirsrv/scripts-ATGREEN-ORG > >2012-07-23T15:33:07Z DEBUG calling setup-ds.pl >2012-07-23T15:33:14Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpTRTKFp >2012-07-23T15:33:14Z DEBUG stdout=[12/07/23:11:33:14] - [Setup] Info Could not import LDIF file '/var/lib/dirsrv/boot.ldif'. Error: 59648. Output: importing data ... >[23/Jul/2012:11:33:07 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database >[23/Jul/2012:11:33:07 -0400] - check_and_set_import_cache: pagesize: 4096, pages: 255186, procpages: 50168 >[23/Jul/2012:11:33:07 -0400] - WARNING: After allocating import cache 408296KB, the available memory is 612448KB, which is less than the soft limit 1048576KB. You may want to decrease the import cache size and rerun import. >[23/Jul/2012:11:33:07 -0400] - Import allocates 408296KB import cache. >[23/Jul/2012:11:33:08 -0400] - import userRoot: Beginning import job... >[23/Jul/2012:11:33:08 -0400] - import userRoot: Index buffering enabled with bucket size 100 >[23/Jul/2012:11:33:08 -0400] - import userRoot: Could not open LDIF file "/var/lib/dirsrv/boot.ldif", errno 13 (Permission denied) >[23/Jul/2012:11:33:08 -0400] - import userRoot: Aborting all Import threads... >[23/Jul/2012:11:33:13 -0400] - import userRoot: Import threads aborted. >[23/Jul/2012:11:33:13 -0400] - import userRoot: Closing files... >/var/lib/dirsrv/slapd-ATGREEN-ORG/db/userRoot: No such file or directory >[23/Jul/2012:11:33:13 -0400] - All database threads now stopped >[23/Jul/2012:11:33:14 -0400] - import userRoot: Import failed. > >Could not import LDIF file '/var/lib/dirsrv/boot.ldif'. Error: 59648. Output: importing data ... >[23/Jul/2012:11:33:07 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database >[23/Jul/2012:11:33:07 -0400] - check_and_set_import_cache: pagesize: 4096, pages: 255186, procpages: 50168 >[23/Jul/2012:11:33:07 -0400] - WARNING: After allocating import cache 408296KB, the available memory is 612448KB, which is less than the soft limit 1048576KB. You may want to decrease the import cache size and rerun import. >[23/Jul/2012:11:33:07 -0400] - Import allocates 408296KB import cache. >[23/Jul/2012:11:33:08 -0400] - import userRoot: Beginning import job... >[23/Jul/2012:11:33:08 -0400] - import userRoot: Index buffering enabled with bucket size 100 >[23/Jul/2012:11:33:08 -0400] - import userRoot: Could not open LDIF file "/var/lib/dirsrv/boot.ldif", errno 13 (Permission denied) >[23/Jul/2012:11:33:08 -0400] - import userRoot: Aborting all Import threads... >[23/Jul/2012:11:33:13 -0400] - import userRoot: Import threads aborted. >[23/Jul/2012:11:33:13 -0400] - import userRoot: Closing files... >/var/lib/dirsrv/slapd-ATGREEN-ORG/db/userRoot: No such file or directory >[23/Jul/2012:11:33:13 -0400] - All database threads now stopped >[23/Jul/2012:11:33:14 -0400] - import userRoot: Import failed. > >[12/07/23:11:33:14] - [Setup] Fatal Error: Could not create directory server instance 'ATGREEN-ORG'. >Error: Could not create directory server instance 'ATGREEN-ORG'. >[12/07/23:11:33:14] - [Setup] Fatal Exiting . . . >Log file is '-' > >Exiting . . . >Log file is '-' > > >2012-07-23T15:33:14Z DEBUG stderr= >2012-07-23T15:33:14Z CRITICAL failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpTRTKFp' returned non-zero exit status 1 >2012-07-23T15:33:14Z DEBUG restarting ds instance >2012-07-23T15:33:16Z DEBUG args=/sbin/service dirsrv restart ATGREEN-ORG >2012-07-23T15:33:16Z DEBUG stdout=Shutting down dirsrv: > ATGREEN-ORG... server already stopped[60G[[0;31mFAILED[0;39m] > *** Error: 1 instance(s) unsuccessfully stopped[60G[[0;31mFAILED[0;39m] >Starting dirsrv: > ATGREEN-ORG...[60G[[0;32m OK [0;39m] > >2012-07-23T15:33:16Z DEBUG stderr= >2012-07-23T15:33:16Z DEBUG args=/sbin/service dirsrv status ATGREEN-ORG >2012-07-23T15:33:16Z DEBUG stdout=dirsrv ATGREEN-ORG (pid 12247) is running... > >2012-07-23T15:33:16Z DEBUG stderr= >2012-07-23T15:33:16Z DEBUG done restarting ds instance >2012-07-23T15:33:16Z DEBUG duration: 9 seconds >2012-07-23T15:33:16Z DEBUG [3/35]: adding default schema >2012-07-23T15:33:16Z DEBUG duration: 0 seconds >2012-07-23T15:33:16Z DEBUG [4/35]: enabling memberof plugin >2012-07-23T15:33:16Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /usr/share/ipa/memberof-conf.ldif -x -D cn=Directory Manager -y /tmp/tmpFe5T9d >2012-07-23T15:33:16Z DEBUG stdout=replace nsslapd-pluginenabled: > on >add memberofgroupattr: > memberUser >add memberofgroupattr: > memberHost >modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" >modify complete > > >2012-07-23T15:33:16Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:16Z DEBUG duration: 0 seconds >2012-07-23T15:33:16Z DEBUG [5/35]: enabling referential integrity plugin >2012-07-23T15:33:16Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /usr/share/ipa/referint-conf.ldif -x -D cn=Directory Manager -y /tmp/tmptRAxS5 >2012-07-23T15:33:16Z DEBUG stdout=replace nsslapd-pluginenabled: > on >add nsslapd-pluginArg7: > manager >add nsslapd-pluginArg8: > secretary >modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" >modify complete > > >2012-07-23T15:33:16Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:16Z DEBUG duration: 0 seconds >2012-07-23T15:33:16Z DEBUG [6/35]: enabling winsync plugin >2012-07-23T15:33:16Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /usr/share/ipa/ipa-winsync-conf.ldif -x -D cn=Directory Manager -y /tmp/tmpJPX074 >2012-07-23T15:33:16Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa-winsync >add nsslapd-pluginpath: > libipa_winsync >add nsslapd-plugininitfunc: > ipa_winsync_plugin_init >add nsslapd-pluginDescription: > Allows IPA to work with the DS windows sync feature >add nsslapd-pluginid: > ipa-winsync >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-plugin-depends-on-type: > database >add ipaWinSyncRealmFilter: > (objectclass=krbRealmContainer) >add ipaWinSyncRealmAttr: > cn >add ipaWinSyncNewEntryFilter: > (cn=ipaConfig) >add ipaWinSyncNewUserOCAttr: > ipauserobjectclasses >add ipaWinSyncUserFlatten: > true >add ipaWinsyncHomeDirAttr: > ipaHomesRootDir >add ipaWinsyncLoginShellAttr: > ipaDefaultLoginShell >add ipaWinSyncDefaultGroupAttr: > ipaDefaultPrimaryGroup >add ipaWinSyncDefaultGroupFilter: > (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) >add ipaWinSyncAcctDisable: > both >add ipaWinSyncForceSync: > true >add ipaWinSyncUserAttr: > uidNumber 999 > gidNumber 999 >adding new entry "cn=ipa-winsync,cn=plugins,cn=config" >modify complete > > >2012-07-23T15:33:16Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:16Z DEBUG duration: 0 seconds >2012-07-23T15:33:16Z DEBUG [7/35]: configuring replication version plugin >2012-07-23T15:33:16Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /usr/share/ipa/version-conf.ldif -x -D cn=Directory Manager -y /tmp/tmpZGxyU0 >2012-07-23T15:33:16Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Version Replication >add nsslapd-pluginpath: > libipa_repl_version >add nsslapd-plugininitfunc: > repl_version_plugin_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > off >add nsslapd-pluginid: > ipa_repl_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Replication version plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-plugin-depends-on-named: > Multimaster Replication Plugin >adding new entry "cn=IPA Version Replication,cn=plugins,cn=config" >modify complete > > >2012-07-23T15:33:16Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:16Z DEBUG duration: 0 seconds >2012-07-23T15:33:16Z DEBUG [8/35]: enabling IPA enrollment plugin >2012-07-23T15:33:16Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpwMYnSO -x -D cn=Directory Manager -y /tmp/tmpHKJJHK >2012-07-23T15:33:16Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_enrollment_extop >add nsslapd-pluginpath: > libipa_enrollment_extop >add nsslapd-plugininitfunc: > ipaenrollment_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_enrollment_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Enroll hosts into the IPA domain >add nsslapd-plugin-depends-on-type: > database >add nsslapd-realmTree: > dc=atgreen,dc=org >adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config" >modify complete > > >2012-07-23T15:33:16Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:16Z DEBUG duration: 0 seconds >2012-07-23T15:33:16Z DEBUG [9/35]: enabling ldapi >2012-07-23T15:33:16Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpckOmvp -x -D cn=Directory Manager -y /tmp/tmpMgpCUR >2012-07-23T15:33:16Z DEBUG stdout=replace nsslapd-ldapilisten: > on >modifying entry "cn=config" >modify complete > > >2012-07-23T15:33:16Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:16Z DEBUG duration: 0 seconds >2012-07-23T15:33:16Z DEBUG [10/35]: configuring uniqueness plugin >2012-07-23T15:33:16Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpydOBy0 -x -D cn=Directory Manager -y /tmp/tmpTRtzYa >2012-07-23T15:33:16Z DEBUG stdout=add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > krbPrincipalName uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add nsslapd-pluginarg0: > krbPrincipalName >add nsslapd-pluginarg1: > dc=atgreen,dc=org >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > krbCanonicalName uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add nsslapd-pluginarg0: > krbCanonicalName >add nsslapd-pluginarg1: > dc=atgreen,dc=org >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > netgroup uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add nsslapd-pluginarg0: > cn >add nsslapd-pluginarg1: > cn=ng,cn=alt,dc=atgreen,dc=org >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipaUniqueID uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add nsslapd-pluginarg0: > ipaUniqueID >add nsslapd-pluginarg1: > dc=atgreen,dc=org >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config" >modify complete > > >2012-07-23T15:33:16Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:16Z DEBUG duration: 0 seconds >2012-07-23T15:33:16Z DEBUG [11/35]: configuring uuid plugin >2012-07-23T15:33:16Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /usr/share/ipa/uuid-conf.ldif -x -D cn=Directory Manager -y /tmp/tmphH_nF5 >2012-07-23T15:33:16Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA UUID >add nsslapd-pluginpath: > libipa_uuid >add nsslapd-plugininitfunc: > ipauuid_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipauuid_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA UUID plugin >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA UUID,cn=plugins,cn=config" >modify complete > > >2012-07-23T15:33:16Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:16Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpSAwys4 -x -D cn=Directory Manager -y /tmp/tmpKG3jim >2012-07-23T15:33:16Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > IPA Unique IDs >add ipaUuidAttr: > ipaUniqueID >add ipaUuidMagicRegen: > autogenerate >add ipaUuidFilter: > (|(objectclass=ipaObject)(objectclass=ipaAssociation)) >add ipaUuidScope: > dc=atgreen,dc=org >add ipaUuidEnforce: > TRUE >adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" >modify complete > > >2012-07-23T15:33:16Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:16Z DEBUG duration: 0 seconds >2012-07-23T15:33:16Z DEBUG [12/35]: configuring modrdn plugin >2012-07-23T15:33:16Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /usr/share/ipa/modrdn-conf.ldif -x -D cn=Directory Manager -y /tmp/tmpe6QSbD >2012-07-23T15:33:16Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA MODRDN >add nsslapd-pluginpath: > libipa_modrdn >add nsslapd-plugininitfunc: > ipamodrdn_init >add nsslapd-plugintype: > postoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipamodrdn_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA MODRDN plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginPrecedence: > 60 >adding new entry "cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > > >2012-07-23T15:33:16Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:16Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpZcl9nW -x -D cn=Directory Manager -y /tmp/tmpmj3MbX >2012-07-23T15:33:16Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > Kerberos Principal Name >add ipaModRDNsourceAttr: > uid >add ipaModRDNtargetAttr: > krbPrincipalName >add ipaModRDNsuffix: > @ATGREEN.ORG >add ipaModRDNfilter: > (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) >add ipaModRDNscope: > dc=atgreen,dc=org >adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > > >2012-07-23T15:33:16Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:16Z DEBUG duration: 0 seconds >2012-07-23T15:33:16Z DEBUG [13/35]: enabling entryUSN plugin >2012-07-23T15:33:16Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /usr/share/ipa/entryusn.ldif -x -D cn=Directory Manager -y /tmp/tmpOBkDWs >2012-07-23T15:33:16Z DEBUG stdout=replace nsslapd-entryusn-global: > on >modifying entry "cn=config" >modify complete > >replace nsslapd-entryusn-import-initval: > next >modifying entry "cn=config" >modify complete > >replace nsslapd-pluginenabled: > on >modifying entry "cn=USN,cn=plugins,cn=config" >modify complete > > >2012-07-23T15:33:16Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:16Z DEBUG duration: 0 seconds >2012-07-23T15:33:16Z DEBUG [14/35]: configuring lockout plugin >2012-07-23T15:33:16Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /usr/share/ipa/lockout-conf.ldif -x -D cn=Directory Manager -y /tmp/tmpwcO37c >2012-07-23T15:33:16Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Lockout >add nsslapd-pluginpath: > libipa_lockout >add nsslapd-plugininitfunc: > ipalockout_init >add nsslapd-plugintype: > object >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipalockout_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Lockout plugin >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA Lockout,cn=plugins,cn=config" >modify complete > > >2012-07-23T15:33:16Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:16Z DEBUG duration: 0 seconds >2012-07-23T15:33:16Z DEBUG [15/35]: creating indices >2012-07-23T15:33:16Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /usr/share/ipa/indices.ldif -x -D cn=Directory Manager -y /tmp/tmpLletrc >2012-07-23T15:33:16Z DEBUG stdout=add objectClass: > top > nsIndex >add cn: > krbPrincipalName >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > ou >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > carLicense >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > title >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > manager >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > secretary >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > displayname >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add nsIndexType: > sub >modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > uidnumber >add nsSystemIndex: > false >add nsIndexType: > eq >add nsMatchingRule: > integerOrderingMatch >adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > gidnumber >add nsSystemIndex: > false >add nsIndexType: > eq >add nsMatchingRule: > integerOrderingMatch >adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >replace nsIndexType: > eq,pres >modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >replace nsIndexType: > eq,pres >modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > > >2012-07-23T15:33:16Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:16Z DEBUG duration: 0 seconds >2012-07-23T15:33:16Z DEBUG [16/35]: configuring ssl for ds instance >2012-07-23T15:33:16Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2012-07-23T15:33:16Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2012-07-23T15:33:16Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L -n ATGREEN.ORG IPA CA -a >2012-07-23T15:33:16Z DEBUG stdout=-----BEGIN CERTIFICATE----- >MIIDizCCAnOgAwIBAgIBATANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdS >RUVOLk9SRzEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcy >MzE1MzIxM1oXDTIwMDcyMzE1MzIxM1owNjEUMBIGA1UEChMLQVRHUkVFTi5PUkcx >HjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEB >BQADggEPADCCAQoCggEBAJjimwXevc4vSkN/m5uBaWqyt1xT6y3dXD6K9+XFXvSP >iLGw2PnRmariHATkEeHP1wRKk64POK4YUp3b0yfXCnsC/QkleA6IcOVL2K7gUW0Y >vucmqAQP31J0hLChfFiCsJe+1EDeGPAV8A6om384lt99z6jdJEQkofqAt42Kyiaz >0uTIyhbD8NAdGQGLF7HBdI2BUk9wnzXwpVdMMW8Diytd/pIzhdSkCAhjS25nCMTB >iDGSpgvoPgVcj927npl9zu1xYzhmw/E/8v/93WSjj9Pwl9uUUng3dHqdsb/PO4wt >cKEYqQ8JQXkFFtawaFeeS9pe885co527lnR1CztsCqUCAwEAAaOBozCBoDAfBgNV >HSMEGDAWgBRZna6NGSBIRvQu5Ftr7wtDI24K2jAPBgNVHRMBAf8EBTADAQH/MA4G >A1UdDwEB/wQEAwIBxjAdBgNVHQ4EFgQUWZ2ujRkgSEb0LuRba+8LQyNuCtowPQYI >KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vaXBhLmF0Z3JlZW4ub3Jn >OjgwL2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBAEq4CMeDJaGOWHrXcPs/ntEu >ZwFo17oybeLtY15TFSSOP36CduWnwsrdpAWIE4K+JBAbQJUu3OrEBZ0yJaRzQmN8 >VwYhq8TcyLvtQykOYueYbnv0GdkAXaSxs6ShiEZZ7syME3WXXoOOS7I6BkZZxnMl >jGT6T9n7z9HCtOU5uvJQzkTp9GZuft2mn/15Y3N7Qn5wo7qMaNwYeXZZSIbWTTVI >YH9InlktXCZCLPCvgA+pc4Cof03TzbYNetNiEiY0ZH8GrbNNbRIZY8Op+eySXIcS >twTcM8rvV/eMFTwUgMdo+wW4KP/+HW6WOH3J+n+Wt89VGCkwmJKsxm/sAgFT2dA= >-----END CERTIFICATE----- > >2012-07-23T15:33:16Z DEBUG stderr= >2012-07-23T15:33:16Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-ATGREEN-ORG/ -L -n ATGREEN.ORG IPA CA -a >2012-07-23T15:33:16Z DEBUG stdout= >2012-07-23T15:33:16Z DEBUG stderr=certutil: Could not find cert: ATGREEN.ORG IPA CA >: File not found > >2012-07-23T15:33:16Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-ATGREEN-ORG/ -N -f /etc/dirsrv/slapd-ATGREEN-ORG//pwdfile.txt >2012-07-23T15:33:16Z DEBUG stdout= >2012-07-23T15:33:16Z DEBUG stderr= >2012-07-23T15:33:16Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-ATGREEN-ORG/ -A -n ATGREEN.ORG IPA CA -t CT,,C -a >2012-07-23T15:33:16Z DEBUG stdout= >2012-07-23T15:33:16Z DEBUG stderr= >2012-07-23T15:33:17Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-ATGREEN-ORG/ -R -s CN=ipa.atgreen.org,O=ATGREEN.ORG -o /var/lib/ipa/ipa-QztWAc/tmpcertreq -k rsa -g 2048 -z /etc/dirsrv/slapd-ATGREEN-ORG//noise.txt -f /etc/dirsrv/slapd-ATGREEN-ORG//pwdfile.txt -a >2012-07-23T15:33:17Z DEBUG stdout= >2012-07-23T15:33:17Z DEBUG stderr= > >Generating key. This may take a few moments... > > >2012-07-23T15:33:17Z DEBUG https_request 'https://ipa.atgreen.org:9444/ca/ee/ca/profileSubmitSSLClient' >2012-07-23T15:33:17Z DEBUG https_request post 'profileId=caIPAserviceCert&requestor_name=IPA+Installer&cert_request=MIICdTCCAV0CAQAwMDEUMBIGA1UEChMLQVRHUkVFTi5PUkcxGDAWBgNVBAMTD2lw%0D%0AYS5hdGdyZWVuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKvt%0D%0AEmYv0wwSjNe5UTk4Vx8rQNWZaVo4O4n7j9T9thGk6KnYFTLZj4UqooJ6cUBaE9k0%0D%0AuEFLxFZ9yKJTxEUCDsM80o3U%2B4B15PyAUv6kFXEcN3OxVXovVk98TRumf77Pu%2BHh%0D%0AZTV2mzMX5RwNZOG58PLl5oRD5sw00m5rxaqsFAM5qRroLvLoeNRKto9uGGvfiPRG%0D%0AeD8eE4IZypfADGBxyNBYZaVrLshM4L%2F%2BqkkJPaKYPIX2RX8sGmz27Thw0pYWJJB7%0D%0AYas23%2BW4ODN%2FHlQ%2B0rh15hig3qP6pd%2BTZP8T6Mv4CYWWV%2F9Q4KtG6ITkuT47cjib%0D%0AfQslCkrWFnTnfd8dW%2BkCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBARPPpjwcI%0D%0AVRYnuzXb7g6FdQwRkSyieZGWMUcPE5S%2FX3j%2FiRBZi01qg36DyeHvn0UamQNIzCfC%0D%0Av%2FSV9wIJ70NENbrXNyduJpT0hKDIUfQDc%2FSYC5xYubl7rArAb3ud4dxKDT%2FPt19g%0D%0ARhUeQrLJ2aSllCwLpZQx1Yt4dFYLgO0vXwKKmhBqavrZ9RHEsHnS9Shl0c4NTE%2BH%0D%0A7E85Va9QRmM0cyP0yAtKhwmlGYtjhTPv4Gwzwm%2FQlwjpShSjdI4AwKkccdtUz%2Bk1%0D%0Augsyc33XPfMC%2BVI7zBdmYPBWJpqvwXqDZEqrobUgDYV8VGxf5NffXHwgeum71OnO%0D%0ADiR9pqewta2i%0A&cert_request_type=pkcs10&xmlOutput=true' >2012-07-23T15:33:17Z DEBUG NSSConnection init ipa.atgreen.org >2012-07-23T15:33:17Z DEBUG connect_socket_family: host=ipa.atgreen.org port=9444 family=PR_AF_INET >2012-07-23T15:33:17Z DEBUG connecting: 10.0.0.99:9444 >2012-07-23T15:33:17Z DEBUG auth_certificate_callback: check_sig=True is_server=False > Data: > Version: 3 (0x2) > Serial Number: 3 (0x3) > Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption > Issuer: CN=Certificate Authority,O=ATGREEN.ORG > Validity: > Not Before: Mon Jul 23 15:32:18 2012 UTC > Not After : Sun Jul 13 15:32:18 2014 UTC > Subject: CN=ipa.atgreen.org,O=ATGREEN.ORG > Subject Public Key Info: > Public Key Algorithm: PKCS #1 RSA Encryption > RSA Public Key: > Modulus: > c7:38:bc:16:f3:63:4c:29:f6:b7:97:a3:6e:66:5e:04: > fd:ae:f6:23:ed:71:e5:f8:3f:1c:c4:93:f2:c3:ad:e6: > 5b:91:8e:6c:10:dd:9f:8f:7d:35:33:22:d5:31:02:54: > 28:d2:a2:1a:f7:82:5e:ee:53:2e:51:06:35:a7:4b:fd: > 2e:54:f5:6a:b9:92:43:34:0a:60:ae:b6:4f:e2:8f:5f: > 92:5a:29:5b:6e:7f:79:d5:34:39:79:74:15:a8:97:dd: > ba:f4:bd:49:1a:ee:3c:33:19:f9:78:1c:d0:33:84:13: > 8b:0f:59:ee:91:e4:a0:07:fa:d8:f5:05:07:88:77:23: > e3:90:3c:2e:aa:8d:ec:2d:ee:f6:12:4a:02:59:dd:5a: > 9d:22:6b:f4:2a:0c:86:ab:d1:92:d3:96:e7:dc:7d:e2: > 59:34:31:14:29:ae:e5:3d:93:0b:0c:be:c3:43:da:15: > 30:fa:37:c5:d2:e3:22:fd:43:40:b8:13:c8:61:13:f1: > 73:28:1a:2c:17:31:e0:da:8e:7b:b7:85:ea:99:60:58: > b0:c0:5e:1b:d4:85:1a:86:34:a1:94:0f:4b:02:d8:c0: > e5:42:80:61:5e:db:b5:f0:fa:13:64:44:f3:08:1a:21: > f0:60:a4:e8:6c:dd:6d:26:59:7d:f9:9c:4d:c0:69:c9 > Exponent: 65537 (0x10001) > Signed Extensions: (4) > Name: Certificate Authority Key Identifier > Critical: False > Key ID: > 59:9d:ae:8d:19:20:48:46:f4:2e:e4:5b:6b:ef:0b:43: > 23:6e:0a:da > Serial Number: None > General Names: [0 total] > > Name: Authority Information Access > Critical: False > > Name: Certificate Key Usage > Critical: True > Usages: > Digital Signature > Non-Repudiation > Key Encipherment > Data Encipherment > > Name: Extended Key Usage > Critical: False > Usages: > TLS Web Server Authentication Certificate > > Fingerprint (MD5): > 68:b8:8d:1b:ee:8f:06:ea:fc:99:26:1b:f7:94:b9:db > Fingerprint (SHA1): > 99:70:d3:4b:87:e2:a1:31:4a:01:29:be:19:8c:00:18: > 9f:26:cd:c4 > Signature: > Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption > Signature Data: > 14:2c:bd:a4:1e:99:62:e0:c1:3d:3d:8f:38:17:e3:4c: > 7b:2d:90:e7:17:ad:ca:1f:6b:59:6a:99:61:21:3b:8e: > 8c:ee:00:8e:7b:aa:00:0b:0f:db:06:1d:cc:fb:ca:97: > b8:6b:87:17:51:b3:33:dd:72:b7:b6:ca:3a:c8:18:8b: > 49:87:1b:2a:78:1f:a9:3f:d9:a1:f4:79:1a:75:09:05: > 60:ca:65:92:63:2f:7c:8e:fd:35:ed:99:c0:de:3c:15: > c3:79:ab:d0:8e:d6:83:f6:2c:f8:ae:8d:c7:19:1d:84: > a6:b8:f8:fa:28:a2:48:79:69:58:7a:ff:11:8a:eb:13: > fe:fe:6c:0e:4e:54:2a:40:a6:d4:c1:15:a1:1e:31:21: > 9f:57:b9:ad:02:f8:df:99:12:23:ab:af:e8:e0:e0:e7: > c9:bf:ec:ea:0b:63:57:e3:e0:46:ba:cd:66:7f:66:a0: > ed:df:70:68:1e:76:6e:60:d9:b2:bf:dd:35:2b:9c:a3: > 79:97:49:93:da:46:67:0f:13:9e:ff:00:bb:4e:2a:90: > f2:7b:93:f9:28:6e:6f:19:e9:eb:b7:34:5a:eb:88:f3: > a7:bf:ab:c4:8d:e6:4a:e7:86:5a:34:c5:d8:ef:6f:a6: > 9d:c1:c7:7f:80:45:ed:c8:2a:13:18:68:25:cd:1e:b9 >2012-07-23T15:33:17Z DEBUG approved_usage = SSLServer intended_usage = SSLServer >2012-07-23T15:33:17Z DEBUG cert valid True for "CN=ipa.atgreen.org,O=ATGREEN.ORG" >2012-07-23T15:33:17Z DEBUG handshake complete, peer = 10.0.0.99:9444 >2012-07-23T15:33:17Z DEBUG auth_certificate_callback: check_sig=True is_server=False > Data: > Version: 3 (0x2) > Serial Number: 3 (0x3) > Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption > Issuer: CN=Certificate Authority,O=ATGREEN.ORG > Validity: > Not Before: Mon Jul 23 15:32:18 2012 UTC > Not After : Sun Jul 13 15:32:18 2014 UTC > Subject: CN=ipa.atgreen.org,O=ATGREEN.ORG > Subject Public Key Info: > Public Key Algorithm: PKCS #1 RSA Encryption > RSA Public Key: > Modulus: > c7:38:bc:16:f3:63:4c:29:f6:b7:97:a3:6e:66:5e:04: > fd:ae:f6:23:ed:71:e5:f8:3f:1c:c4:93:f2:c3:ad:e6: > 5b:91:8e:6c:10:dd:9f:8f:7d:35:33:22:d5:31:02:54: > 28:d2:a2:1a:f7:82:5e:ee:53:2e:51:06:35:a7:4b:fd: > 2e:54:f5:6a:b9:92:43:34:0a:60:ae:b6:4f:e2:8f:5f: > 92:5a:29:5b:6e:7f:79:d5:34:39:79:74:15:a8:97:dd: > ba:f4:bd:49:1a:ee:3c:33:19:f9:78:1c:d0:33:84:13: > 8b:0f:59:ee:91:e4:a0:07:fa:d8:f5:05:07:88:77:23: > e3:90:3c:2e:aa:8d:ec:2d:ee:f6:12:4a:02:59:dd:5a: > 9d:22:6b:f4:2a:0c:86:ab:d1:92:d3:96:e7:dc:7d:e2: > 59:34:31:14:29:ae:e5:3d:93:0b:0c:be:c3:43:da:15: > 30:fa:37:c5:d2:e3:22:fd:43:40:b8:13:c8:61:13:f1: > 73:28:1a:2c:17:31:e0:da:8e:7b:b7:85:ea:99:60:58: > b0:c0:5e:1b:d4:85:1a:86:34:a1:94:0f:4b:02:d8:c0: > e5:42:80:61:5e:db:b5:f0:fa:13:64:44:f3:08:1a:21: > f0:60:a4:e8:6c:dd:6d:26:59:7d:f9:9c:4d:c0:69:c9 > Exponent: 65537 (0x10001) > Signed Extensions: (4) > Name: Certificate Authority Key Identifier > Critical: False > Key ID: > 59:9d:ae:8d:19:20:48:46:f4:2e:e4:5b:6b:ef:0b:43: > 23:6e:0a:da > Serial Number: None > General Names: [0 total] > > Name: Authority Information Access > Critical: False > > Name: Certificate Key Usage > Critical: True > Usages: > Digital Signature > Non-Repudiation > Key Encipherment > Data Encipherment > > Name: Extended Key Usage > Critical: False > Usages: > TLS Web Server Authentication Certificate > > Fingerprint (MD5): > 68:b8:8d:1b:ee:8f:06:ea:fc:99:26:1b:f7:94:b9:db > Fingerprint (SHA1): > 99:70:d3:4b:87:e2:a1:31:4a:01:29:be:19:8c:00:18: > 9f:26:cd:c4 > Signature: > Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption > Signature Data: > 14:2c:bd:a4:1e:99:62:e0:c1:3d:3d:8f:38:17:e3:4c: > 7b:2d:90:e7:17:ad:ca:1f:6b:59:6a:99:61:21:3b:8e: > 8c:ee:00:8e:7b:aa:00:0b:0f:db:06:1d:cc:fb:ca:97: > b8:6b:87:17:51:b3:33:dd:72:b7:b6:ca:3a:c8:18:8b: > 49:87:1b:2a:78:1f:a9:3f:d9:a1:f4:79:1a:75:09:05: > 60:ca:65:92:63:2f:7c:8e:fd:35:ed:99:c0:de:3c:15: > c3:79:ab:d0:8e:d6:83:f6:2c:f8:ae:8d:c7:19:1d:84: > a6:b8:f8:fa:28:a2:48:79:69:58:7a:ff:11:8a:eb:13: > fe:fe:6c:0e:4e:54:2a:40:a6:d4:c1:15:a1:1e:31:21: > 9f:57:b9:ad:02:f8:df:99:12:23:ab:af:e8:e0:e0:e7: > c9:bf:ec:ea:0b:63:57:e3:e0:46:ba:cd:66:7f:66:a0: > ed:df:70:68:1e:76:6e:60:d9:b2:bf:dd:35:2b:9c:a3: > 79:97:49:93:da:46:67:0f:13:9e:ff:00:bb:4e:2a:90: > f2:7b:93:f9:28:6e:6f:19:e9:eb:b7:34:5a:eb:88:f3: > a7:bf:ab:c4:8d:e6:4a:e7:86:5a:34:c5:d8:ef:6f:a6: > 9d:c1:c7:7f:80:45:ed:c8:2a:13:18:68:25:cd:1e:b9 >2012-07-23T15:33:17Z DEBUG approved_usage = SSLServer intended_usage = SSLServer >2012-07-23T15:33:17Z DEBUG cert valid True for "CN=ipa.atgreen.org,O=ATGREEN.ORG" >2012-07-23T15:33:17Z DEBUG handshake complete, peer = 10.0.0.99:9444 >2012-07-23T15:33:17Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-ATGREEN-ORG/ -A -n Server-Cert -t u,u,u -i /var/lib/ipa/ipa-QztWAc/tmpcert.der -f /etc/dirsrv/slapd-ATGREEN-ORG//pwdfile.txt >2012-07-23T15:33:17Z DEBUG stdout= >2012-07-23T15:33:17Z DEBUG stderr= >2012-07-23T15:33:17Z DEBUG args=/sbin/chkconfig certmonger on >2012-07-23T15:33:17Z DEBUG stdout= >2012-07-23T15:33:17Z DEBUG stderr= >2012-07-23T15:33:18Z DEBUG args=/sbin/service messagebus start >2012-07-23T15:33:18Z DEBUG stdout=Starting system message bus: [60G[[0;32m OK [0;39m] > >2012-07-23T15:33:18Z DEBUG stderr= >2012-07-23T15:33:18Z DEBUG args=/sbin/service certmonger start >2012-07-23T15:33:18Z DEBUG stdout=Starting certmonger: [60G[[0;32m OK [0;39m] > >2012-07-23T15:33:18Z DEBUG stderr= >2012-07-23T15:33:18Z DEBUG args=/usr/bin/certutil -L -d /etc/dirsrv/slapd-ATGREEN-ORG -n Server-Cert >2012-07-23T15:33:18Z DEBUG stdout=Certificate: > Data: > Version: 3 (0x2) > Serial Number: 8 (0x8) > Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption > Issuer: "CN=Certificate Authority,O=ATGREEN.ORG" > Validity: > Not Before: Mon Jul 23 15:33:17 2012 > Not After : Thu Jul 24 15:33:17 2014 > Subject: "CN=ipa.atgreen.org,O=ATGREEN.ORG" > Subject Public Key Info: > Public Key Algorithm: PKCS #1 RSA Encryption > RSA Public Key: > Modulus: > ab:ed:12:66:2f:d3:0c:12:8c:d7:b9:51:39:38:57:1f: > 2b:40:d5:99:69:5a:38:3b:89:fb:8f:d4:fd:b6:11:a4: > e8:a9:d8:15:32:d9:8f:85:2a:a2:82:7a:71:40:5a:13: > d9:34:b8:41:4b:c4:56:7d:c8:a2:53:c4:45:02:0e:c3: > 3c:d2:8d:d4:fb:80:75:e4:fc:80:52:fe:a4:15:71:1c: > 37:73:b1:55:7a:2f:56:4f:7c:4d:1b:a6:7f:be:cf:bb: > e1:e1:65:35:76:9b:33:17:e5:1c:0d:64:e1:b9:f0:f2: > e5:e6:84:43:e6:cc:34:d2:6e:6b:c5:aa:ac:14:03:39: > a9:1a:e8:2e:f2:e8:78:d4:4a:b6:8f:6e:18:6b:df:88: > f4:46:78:3f:1e:13:82:19:ca:97:c0:0c:60:71:c8:d0: > 58:65:a5:6b:2e:c8:4c:e0:bf:fe:aa:49:09:3d:a2:98: > 3c:85:f6:45:7f:2c:1a:6c:f6:ed:38:70:d2:96:16:24: > 90:7b:61:ab:36:df:e5:b8:38:33:7f:1e:54:3e:d2:b8: > 75:e6:18:a0:de:a3:fa:a5:df:93:64:ff:13:e8:cb:f8: > 09:85:96:57:ff:50:e0:ab:46:e8:84:e4:b9:3e:3b:72: > 38:9b:7d:0b:25:0a:4a:d6:16:74:e7:7d:df:1d:5b:e9 > Exponent: 65537 (0x10001) > Signed Extensions: > Name: Certificate Authority Key Identifier > Key ID: > 59:9d:ae:8d:19:20:48:46:f4:2e:e4:5b:6b:ef:0b:43: > 23:6e:0a:da > > Name: Authority Information Access > Method: PKIX Online Certificate Status Protocol > Location: > URI: "http://ipa.atgreen.org:80/ca/ocsp" > > Name: Certificate Key Usage > Critical: True > Usages: Digital Signature > Non-Repudiation > Key Encipherment > Data Encipherment > > Name: Extended Key Usage > TLS Web Server Authentication Certificate > TLS Web Client Authentication Certificate > > Name: Certificate Subject Key ID > Data: > e3:af:d2:2a:da:4d:98:08:07:07:ff:71:b5:aa:43:f2: > a5:ee:14:1e > > Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption > Signature: > 55:e6:2f:9d:77:22:f9:30:77:cd:50:a7:44:42:ac:31: > 1d:cd:87:3c:36:90:a3:79:ba:7e:4a:f4:21:bf:44:a1: > b7:56:41:b5:cc:60:0f:9e:f1:52:e2:a8:be:b4:6e:12: > 26:b3:9e:d9:94:54:e9:b3:54:c2:38:f7:a5:65:bb:32: > 2d:1b:86:72:df:bf:87:34:4d:65:2f:ad:ad:e4:9c:7a: > dd:02:74:f2:c7:c7:bf:f0:a3:23:49:8a:7d:e7:a0:23: > 94:ed:4e:e2:50:c0:be:cd:5a:7e:36:15:b7:8d:3c:25: > 0c:3a:d2:89:6d:df:e3:32:0e:1d:13:10:30:56:75:44: > 54:9d:f0:df:a9:2f:97:0f:c7:53:56:92:15:7b:2d:78: > 0b:e8:1a:18:70:7a:da:fe:d8:8d:38:78:52:53:96:7c: > 52:6f:93:39:67:d8:27:87:87:80:84:f7:77:be:f9:65: > f2:c7:4c:2a:c0:4b:04:34:68:33:c2:37:4b:2a:2b:41: > 6e:3c:2d:b2:b3:1f:f7:e2:76:b4:c2:93:92:59:73:59: > 08:fa:65:85:f4:38:13:0d:50:ff:59:8a:4e:6f:5c:18: > bc:56:cf:25:ae:31:9d:ad:3e:f4:75:fb:f3:f5:a5:a0: > 5d:45:b1:1f:92:79:e8:94:6a:8f:dd:98:19:d8:07:57 > Fingerprint (MD5): > 85:CB:FC:94:CE:B5:F3:68:46:7A:1E:00:2C:48:54:BA > Fingerprint (SHA1): > 64:88:2E:44:D3:29:5A:66:52:9C:CC:D4:95:07:82:97:13:33:35:A5 > > Certificate Trust Flags: > SSL Flags: > User > Email Flags: > User > Object Signing Flags: > User > > >2012-07-23T15:33:18Z DEBUG stderr= >2012-07-23T15:33:18Z DEBUG args=/usr/bin/ipa-getcert start-tracking -d /etc/dirsrv/slapd-ATGREEN-ORG -n Server-Cert -p /etc/dirsrv/slapd-ATGREEN-ORG/pwdfile.txt -C /usr/lib64/ipa/certmonger/restart_dirsrv ATGREEN-ORG >2012-07-23T15:33:18Z DEBUG stdout=New tracking request "20120723153318" added. > >2012-07-23T15:33:18Z DEBUG stderr= >2012-07-23T15:33:18Z DEBUG args=/sbin/service certmonger stop >2012-07-23T15:33:18Z DEBUG stdout=Stopping certmonger: [60G[[0;32m OK [0;39m] > >2012-07-23T15:33:18Z DEBUG stderr= >2012-07-23T15:33:18Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-ATGREEN-ORG/ -L -n Server-Cert -a >2012-07-23T15:33:18Z DEBUG stdout=-----BEGIN CERTIFICATE----- >MIIDkzCCAnugAwIBAgIBCDANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtBVEdS >RUVOLk9SRzEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDcy >MzE1MzMxN1oXDTE0MDcyNDE1MzMxN1owMDEUMBIGA1UEChMLQVRHUkVFTi5PUkcx >GDAWBgNVBAMTD2lwYS5hdGdyZWVuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP >ADCCAQoCggEBAKvtEmYv0wwSjNe5UTk4Vx8rQNWZaVo4O4n7j9T9thGk6KnYFTLZ >j4UqooJ6cUBaE9k0uEFLxFZ9yKJTxEUCDsM80o3U+4B15PyAUv6kFXEcN3OxVXov >Vk98TRumf77Pu+HhZTV2mzMX5RwNZOG58PLl5oRD5sw00m5rxaqsFAM5qRroLvLo >eNRKto9uGGvfiPRGeD8eE4IZypfADGBxyNBYZaVrLshM4L/+qkkJPaKYPIX2RX8s >Gmz27Thw0pYWJJB7Yas23+W4ODN/HlQ+0rh15hig3qP6pd+TZP8T6Mv4CYWWV/9Q >4KtG6ITkuT47cjibfQslCkrWFnTnfd8dW+kCAwEAAaOBsTCBrjAfBgNVHSMEGDAW >gBRZna6NGSBIRvQu5Ftr7wtDI24K2jA9BggrBgEFBQcBAQQxMC8wLQYIKwYBBQUH >MAGGIWh0dHA6Ly9pcGEuYXRncmVlbi5vcmc6ODAvY2Evb2NzcDAOBgNVHQ8BAf8E >BAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTj >r9Iq2k2YCAcH/3G1qkPype4UHjANBgkqhkiG9w0BAQsFAAOCAQEAVeYvnXci+TB3 >zVCnREKsMR3Nhzw2kKN5un5K9CG/RKG3VkG1zGAPnvFS4qi+tG4SJrOe2ZRU6bNU >wjj3pWW7Mi0bhnLfv4c0TWUvra3knHrdAnTyx8e/8KMjSYp956AjlO1O4lDAvs1a >fjYVt408JQw60olt3+MyDh0TEDBWdURUnfDfqS+XD8dTVpIVey14C+gaGHB62v7Y >jTh4UlOWfFJvkzln2CeHh4CE93e++WXyx0wqwEsENGgzwjdLKitBbjwtsrMf9+J2 >tMKTkllzWQj6ZYX0OBMNUP9Zik5vXBi8Vs8lrjGdrT70dfvz9aWgXUWxH5J56JRq >j92YGdgHVw== >-----END CERTIFICATE----- > >2012-07-23T15:33:18Z DEBUG stderr= >2012-07-23T15:33:26Z DEBUG args=/sbin/service certmonger start >2012-07-23T15:33:26Z DEBUG stdout=Starting certmonger: [60G[[0;32m OK [0;39m] > >2012-07-23T15:33:26Z DEBUG stderr= >2012-07-23T15:33:26Z DEBUG duration: 10 seconds >2012-07-23T15:33:26Z DEBUG [17/35]: configuring certmap.conf >2012-07-23T15:33:26Z DEBUG duration: 0 seconds >2012-07-23T15:33:26Z DEBUG [18/35]: configure autobind for root >2012-07-23T15:33:26Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /usr/share/ipa/root-autobind.ldif -x -D cn=Directory Manager -y /tmp/tmpaMsueL >2012-07-23T15:33:26Z DEBUG stdout=add objectClass: > extensibleObject > top >add cn: > root-autobind >add uidNumber: > 0 >add gidNumber: > 0 >adding new entry "cn=root-autobind,cn=config" >modify complete > >replace nsslapd-ldapiautobind: > on >modifying entry "cn=config" >modify complete > >replace nsslapd-ldapimaptoentries: > on >modifying entry "cn=config" >modify complete > > >2012-07-23T15:33:26Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:26Z DEBUG duration: 0 seconds >2012-07-23T15:33:26Z DEBUG [19/35]: configure new location for managed entries >2012-07-23T15:33:26Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmp_ox6A6 -x -D cn=Directory Manager -y /tmp/tmp4Bmsl1 >2012-07-23T15:33:26Z DEBUG stdout=add nsslapd-pluginConfigArea: > cn=Definitions,cn=Managed Entries,cn=etc,dc=atgreen,dc=org >modifying entry "cn=Managed Entries,cn=plugins,cn=config" >modify complete > > >2012-07-23T15:33:26Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:26Z DEBUG duration: 0 seconds >2012-07-23T15:33:26Z DEBUG [20/35]: restarting directory server >2012-07-23T15:33:30Z DEBUG args=/sbin/service dirsrv restart ATGREEN-ORG >2012-07-23T15:33:30Z DEBUG stdout=Shutting down dirsrv: > ATGREEN-ORG...[60G[[0;32m OK [0;39m] >Starting dirsrv: > ATGREEN-ORG...[60G[[0;32m OK [0;39m] > >2012-07-23T15:33:30Z DEBUG stderr= >2012-07-23T15:33:30Z DEBUG args=/sbin/service dirsrv status ATGREEN-ORG >2012-07-23T15:33:30Z DEBUG stdout=dirsrv ATGREEN-ORG (pid 12461) is running... > >2012-07-23T15:33:30Z DEBUG stderr= >2012-07-23T15:33:30Z DEBUG duration: 3 seconds >2012-07-23T15:33:30Z DEBUG [21/35]: adding default layout >2012-07-23T15:33:30Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpnLdcB8 -x -D cn=Directory Manager -y /tmp/tmpTpGV4e >2012-07-23T15:33:30Z DEBUG stdout=add objectClass: > top > nsContainer >add cn: > accounts >adding new entry "cn=accounts,dc=atgreen,dc=org" > > >2012-07-23T15:33:30Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) >ldap_add: No such object (32) > >2012-07-23T15:33:30Z CRITICAL Failed to load bootstrap-template.ldif: Command '/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpnLdcB8 -x -D cn=Directory Manager -y /tmp/tmpTpGV4e' returned non-zero exit status 32 >2012-07-23T15:33:30Z DEBUG duration: 0 seconds >2012-07-23T15:33:30Z DEBUG [22/35]: adding delegation layout >2012-07-23T15:33:30Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpZZgZ9L -x -D cn=Directory Manager -y /tmp/tmp66Sltf >2012-07-23T15:33:30Z DEBUG stdout=add objectClass: > top > nsContainer >add cn: > roles >adding new entry "cn=roles,cn=accounts,dc=atgreen,dc=org" > > >2012-07-23T15:33:30Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) >ldap_add: No such object (32) > matched DN: dc=atgreen,dc=org > >2012-07-23T15:33:30Z CRITICAL Failed to load delegation.ldif: Command '/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpZZgZ9L -x -D cn=Directory Manager -y /tmp/tmp66Sltf' returned non-zero exit status 32 >2012-07-23T15:33:30Z DEBUG duration: 0 seconds >2012-07-23T15:33:30Z DEBUG [23/35]: adding replication acis >2012-07-23T15:33:30Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpACrBOJ -x -D cn=Directory Manager -y /tmp/tmpikZ8gn >2012-07-23T15:33:30Z DEBUG stdout=add aci: > (targetattr != aci)(version 3.0; aci "replica admins read access"; allow (read, search, compare) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=atgreen,dc=org";) >modifying entry "cn=config" >modify complete > >add aci: > (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=atgreen,dc=org";) >modifying entry "cn="dc=atgreen,dc=org",cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=atgreen,dc=org";) >modifying entry "cn="dc=atgreen,dc=org",cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=atgreen,dc=org";) >modifying entry "cn="dc=atgreen,dc=org",cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=atgreen,dc=org";) >modifying entry "cn=tasks,cn=config" >modify complete > > >2012-07-23T15:33:30Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:30Z DEBUG duration: 0 seconds >2012-07-23T15:33:30Z DEBUG [24/35]: creating container for managed entries >2012-07-23T15:33:30Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmppoYPaN -x -D cn=Directory Manager -y /tmp/tmpjvwZAg >2012-07-23T15:33:30Z DEBUG stdout=add objectClass: > nsContainer > top >add cn: > Managed Entries >adding new entry "cn=Managed Entries,cn=etc,dc=atgreen,dc=org" > > >2012-07-23T15:33:30Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) >ldap_add: No such object (32) > matched DN: dc=atgreen,dc=org > >2012-07-23T15:33:30Z CRITICAL Failed to load managed-entries.ldif: Command '/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmppoYPaN -x -D cn=Directory Manager -y /tmp/tmpjvwZAg' returned non-zero exit status 32 >2012-07-23T15:33:30Z DEBUG duration: 0 seconds >2012-07-23T15:33:30Z DEBUG [25/35]: configuring user private groups >2012-07-23T15:33:30Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmp1UA4o1 -x -D cn=Directory Manager -y /tmp/tmpwqdZdg >2012-07-23T15:33:30Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > UPG Template >add mepRDNAttr: > cn >add mepStaticAttr: > objectclass: posixgroup > objectclass: ipaobject > ipaUniqueId: autogenerate >add mepMappedAttr: > cn: $uid > gidNumber: $uidNumber > description: User private group for $uid >adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=atgreen,dc=org" > > >2012-07-23T15:33:30Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) >ldap_add: No such object (32) > matched DN: dc=atgreen,dc=org > >2012-07-23T15:33:30Z CRITICAL Failed to load user_private_groups.ldif: Command '/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmp1UA4o1 -x -D cn=Directory Manager -y /tmp/tmpwqdZdg' returned non-zero exit status 32 >2012-07-23T15:33:30Z DEBUG duration: 0 seconds >2012-07-23T15:33:30Z DEBUG [26/35]: configuring netgroups from hostgroups >2012-07-23T15:33:30Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpQ_qyV8 -x -D cn=Directory Manager -y /tmp/tmpVabvfG >2012-07-23T15:33:30Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > NGP HGP Template >add mepRDNAttr: > cn >add mepStaticAttr: > ipaUniqueId: autogenerate > objectclass: ipanisnetgroup > objectclass: ipaobject > nisDomainName: atgreen.org >add mepMappedAttr: > cn: $cn > memberHost: $dn > description: ipaNetgroup $cn >adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=atgreen,dc=org" > > >2012-07-23T15:33:30Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) >ldap_add: No such object (32) > matched DN: dc=atgreen,dc=org > >2012-07-23T15:33:30Z CRITICAL Failed to load host_nis_groups.ldif: Command '/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpQ_qyV8 -x -D cn=Directory Manager -y /tmp/tmpVabvfG' returned non-zero exit status 32 >2012-07-23T15:33:30Z DEBUG duration: 0 seconds >2012-07-23T15:33:30Z DEBUG [27/35]: creating default Sudo bind user >2012-07-23T15:33:30Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpr1Mw9d -x -D cn=Directory Manager -y /tmp/tmp8zdwN_ >2012-07-23T15:33:30Z DEBUG stdout=add objectclass: > account > simplesecurityobject >add uid: > sudo >add userPassword: > XXXXXXXX >add passwordExpirationTime: > 20380119031407Z >add nsIdleTimeout: > 0 >adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=atgreen,dc=org" > > >2012-07-23T15:33:30Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) >ldap_add: No such object (32) > matched DN: dc=atgreen,dc=org > >2012-07-23T15:33:30Z CRITICAL Failed to load sudobind.ldif: Command '/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpr1Mw9d -x -D cn=Directory Manager -y /tmp/tmp8zdwN_' returned non-zero exit status 32 >2012-07-23T15:33:30Z DEBUG duration: 0 seconds >2012-07-23T15:33:30Z DEBUG [28/35]: creating default Auto Member layout >2012-07-23T15:33:30Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpsT_QzJ -x -D cn=Directory Manager -y /tmp/tmpJCNov4 >2012-07-23T15:33:30Z DEBUG stdout=add nsslapd-pluginConfigArea: > cn=automember,cn=etc,dc=atgreen,dc=org >modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsContainer >add cn: > automember >adding new entry "cn=automember,cn=etc,dc=atgreen,dc=org" > > >2012-07-23T15:33:30Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) >ldap_add: No such object (32) > matched DN: dc=atgreen,dc=org > >2012-07-23T15:33:30Z CRITICAL Failed to load automember.ldif: Command '/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpsT_QzJ -x -D cn=Directory Manager -y /tmp/tmpJCNov4' returned non-zero exit status 32 >2012-07-23T15:33:30Z DEBUG duration: 0 seconds >2012-07-23T15:33:30Z DEBUG [29/35]: creating default HBAC rule allow_all >2012-07-23T15:33:30Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmphGVGSH -x -D cn=Directory Manager -y /tmp/tmpXp8qRQ >2012-07-23T15:33:30Z DEBUG stdout=add objectclass: > ipaassociation > ipahbacrule >add cn: > allow_all >add accessruletype: > allow >add usercategory: > all >add hostcategory: > all >add sourcehostcategory: > all >add servicecategory: > all >add ipaenabledflag: > TRUE >add description: > Allow all users to access any host from any host >add ipauniqueid: > autogenerate >adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=atgreen,dc=org" > > >2012-07-23T15:33:30Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) >ldap_add: No such object (32) > matched DN: dc=atgreen,dc=org > >2012-07-23T15:33:30Z CRITICAL Failed to load default-hbac.ldif: Command '/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmphGVGSH -x -D cn=Directory Manager -y /tmp/tmpXp8qRQ' returned non-zero exit status 32 >2012-07-23T15:33:30Z DEBUG duration: 0 seconds >2012-07-23T15:33:30Z DEBUG [30/35]: initializing group membership >2012-07-23T15:33:30Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmp1s7Lpw -x -D cn=Directory Manager -y /tmp/tmpnI_CFN >2012-07-23T15:33:30Z DEBUG stdout=add objectClass: > top > extensibleObject >add cn: > IPA install >add basedn: > dc=atgreen,dc=org >add filter: > (objectclass=*) >add ttl: > 10 >adding new entry "cn=IPA install 1343057587, cn=memberof task, cn=tasks, cn=config" >modify complete > > >2012-07-23T15:33:30Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:30Z DEBUG Waiting for memberof task to complete. >2012-07-23T15:33:32Z DEBUG duration: 2 seconds >2012-07-23T15:33:32Z DEBUG [31/35]: adding master entry >2012-07-23T15:33:32Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpZ0wxPB -x -D cn=Directory Manager -y /tmp/tmpFu4m4k >2012-07-23T15:33:32Z DEBUG stdout=add objectclass: > top > nsContainer >add cn: > ipa.atgreen.org >adding new entry "cn=ipa.atgreen.org,cn=masters,cn=ipa,cn=etc,dc=atgreen,dc=org" > > >2012-07-23T15:33:32Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) >ldap_add: No such object (32) > matched DN: dc=atgreen,dc=org > >2012-07-23T15:33:32Z CRITICAL Failed to load master-entry.ldif: Command '/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpZ0wxPB -x -D cn=Directory Manager -y /tmp/tmpFu4m4k' returned non-zero exit status 32 >2012-07-23T15:33:32Z DEBUG duration: 0 seconds >2012-07-23T15:33:32Z DEBUG [32/35]: configuring Posix uid/gid generation >2012-07-23T15:33:32Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmpNKYWhC -x -D cn=Directory Manager -y /tmp/tmpktSaGK >2012-07-23T15:33:32Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > Posix IDs >add dnaType: > uidNumber > gidNumber >add dnaNextValue: > 292800000 >add dnaMaxValue: > 292999999 >add dnaMagicRegen: > 999 >add dnaFilter: > (|(objectclass=posixAccount)(objectClass=posixGroup)) >add dnaScope: > dc=atgreen,dc=org >add dnaThreshold: > 500 >add dnaSharedCfgDN: > cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=atgreen,dc=org >adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > > >2012-07-23T15:33:32Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:32Z DEBUG duration: 0 seconds >2012-07-23T15:33:32Z DEBUG [33/35]: enabling compatibility plugin >2012-07-23T15:33:32Z INFO Parsing file /usr/share/ipa/schema_compat.uldif >2012-07-23T15:33:32Z INFO New entry: cn=Schema Compatibility, cn=plugins, cn=config >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=Schema Compatibility, cn=plugins, cn=config >2012-07-23T15:33:32Z DEBUG nsslapd-pluginid: schema-compat-plugin >2012-07-23T15:33:32Z DEBUG cn: Schema Compatibility >2012-07-23T15:33:32Z DEBUG objectclass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG nsSlapdPlugin >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG nsslapd-plugindescription: Schema Compatibility Plugin >2012-07-23T15:33:32Z DEBUG nsslapd-pluginenabled: on >2012-07-23T15:33:32Z DEBUG nsslapd-pluginpath: /usr/lib64/dirsrv/plugins/schemacompat-plugin.so >2012-07-23T15:33:32Z DEBUG nsslapd-pluginversion: 0.8 >2012-07-23T15:33:32Z DEBUG nsslapd-pluginvendor: redhat.com >2012-07-23T15:33:32Z DEBUG nsslapd-plugintype: object >2012-07-23T15:33:32Z DEBUG nsslapd-plugininitfunc: schema_compat_plugin_init >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG Final value >2012-07-23T15:33:32Z DEBUG dn: cn=Schema Compatibility, cn=plugins, cn=config >2012-07-23T15:33:32Z DEBUG nsslapd-pluginid: schema-compat-plugin >2012-07-23T15:33:32Z DEBUG cn: Schema Compatibility >2012-07-23T15:33:32Z DEBUG objectclass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG nsSlapdPlugin >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG nsslapd-plugindescription: Schema Compatibility Plugin >2012-07-23T15:33:32Z DEBUG nsslapd-pluginenabled: on >2012-07-23T15:33:32Z DEBUG nsslapd-pluginpath: /usr/lib64/dirsrv/plugins/schemacompat-plugin.so >2012-07-23T15:33:32Z DEBUG nsslapd-pluginversion: 0.8 >2012-07-23T15:33:32Z DEBUG nsslapd-pluginvendor: redhat.com >2012-07-23T15:33:32Z DEBUG nsslapd-plugintype: object >2012-07-23T15:33:32Z DEBUG nsslapd-plugininitfunc: schema_compat_plugin_init >2012-07-23T15:33:32Z INFO Updating existing entry: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >2012-07-23T15:33:32Z DEBUG objectclass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG directoryServerFeature >2012-07-23T15:33:32Z DEBUG aci: (targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";) >2012-07-23T15:33:32Z DEBUG oid: 2.16.840.1.113730.3.4.9 >2012-07-23T15:33:32Z DEBUG cn: VLV Request Control >2012-07-23T15:33:32Z DEBUG only: set aci to '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )', current value ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)'] >2012-07-23T15:33:32Z DEBUG only: updated value [u'(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >2012-07-23T15:33:32Z DEBUG objectclass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG directoryServerFeature >2012-07-23T15:33:32Z DEBUG aci: >2012-07-23T15:33:32Z DEBUG (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; ) >2012-07-23T15:33:32Z DEBUG oid: 2.16.840.1.113730.3.4.9 >2012-07-23T15:33:32Z DEBUG cn: VLV Request Control >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG Final value >2012-07-23T15:33:32Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >2012-07-23T15:33:32Z DEBUG objectclass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG directoryServerFeature >2012-07-23T15:33:32Z DEBUG aci: >2012-07-23T15:33:32Z DEBUG (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; ) >2012-07-23T15:33:32Z DEBUG oid: 2.16.840.1.113730.3.4.9 >2012-07-23T15:33:32Z DEBUG cn: VLV Request Control >2012-07-23T15:33:32Z DEBUG [(0, 'aci', ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )']), (1, 'aci', ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)'])] >2012-07-23T15:33:32Z DEBUG Live 1, updated 1 >2012-07-23T15:33:32Z INFO Done >2012-07-23T15:33:32Z INFO New entry: cn=users, cn=Schema Compatibility, cn=plugins, cn=config >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=users, cn=Schema Compatibility, cn=plugins, cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=posixAccount >2012-07-23T15:33:32Z DEBUG gecos=%{cn} >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG uidNumber=%{uidNumber} >2012-07-23T15:33:32Z DEBUG gidNumber=%{gidNumber} >2012-07-23T15:33:32Z DEBUG loginShell=%{loginShell} >2012-07-23T15:33:32Z DEBUG homeDirectory=%{homeDirectory} >2012-07-23T15:33:32Z DEBUG cn: users >2012-07-23T15:33:32Z DEBUG objectclass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: objectclass=posixAccount >2012-07-23T15:33:32Z DEBUG schema-compat-container-rdn: cn=users >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: uid=%{uid} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: cn=users, cn=accounts, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: cn=compat, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG Final value >2012-07-23T15:33:32Z DEBUG dn: cn=users, cn=Schema Compatibility, cn=plugins, cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=posixAccount >2012-07-23T15:33:32Z DEBUG gecos=%{cn} >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG uidNumber=%{uidNumber} >2012-07-23T15:33:32Z DEBUG gidNumber=%{gidNumber} >2012-07-23T15:33:32Z DEBUG loginShell=%{loginShell} >2012-07-23T15:33:32Z DEBUG homeDirectory=%{homeDirectory} >2012-07-23T15:33:32Z DEBUG cn: users >2012-07-23T15:33:32Z DEBUG objectclass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: objectclass=posixAccount >2012-07-23T15:33:32Z DEBUG schema-compat-container-rdn: cn=users >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: uid=%{uid} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: cn=users, cn=accounts, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: cn=compat, dc=atgreen,dc=org >2012-07-23T15:33:32Z INFO New entry: cn=groups, cn=Schema Compatibility, cn=plugins, cn=config >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=groups, cn=Schema Compatibility, cn=plugins, cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=posixGroup >2012-07-23T15:33:32Z DEBUG gidNumber=%{gidNumber} >2012-07-23T15:33:32Z DEBUG memberUid=%{memberUid} >2012-07-23T15:33:32Z DEBUG memberUid=%deref_r("member","uid") >2012-07-23T15:33:32Z DEBUG cn: groups >2012-07-23T15:33:32Z DEBUG objectclass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: objectclass=posixGroup >2012-07-23T15:33:32Z DEBUG schema-compat-container-rdn: cn=groups >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: cn=groups, cn=accounts, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: cn=compat, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG Final value >2012-07-23T15:33:32Z DEBUG dn: cn=groups, cn=Schema Compatibility, cn=plugins, cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=posixGroup >2012-07-23T15:33:32Z DEBUG gidNumber=%{gidNumber} >2012-07-23T15:33:32Z DEBUG memberUid=%{memberUid} >2012-07-23T15:33:32Z DEBUG memberUid=%deref_r("member","uid") >2012-07-23T15:33:32Z DEBUG cn: groups >2012-07-23T15:33:32Z DEBUG objectclass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: objectclass=posixGroup >2012-07-23T15:33:32Z DEBUG schema-compat-container-rdn: cn=groups >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: cn=groups, cn=accounts, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: cn=compat, dc=atgreen,dc=org >2012-07-23T15:33:32Z INFO New entry: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG add: 'top' to objectClass, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'top'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG add: 'extensibleObject' to objectClass, current value ['top'] >2012-07-23T15:33:32Z DEBUG add: updated value ['top', u'extensibleObject'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG add: 'ng' to cn, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'ng'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG ng >2012-07-23T15:33:32Z DEBUG add: 'cn=compat, dc=atgreen,dc=org' to schema-compat-container-group, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'cn=compat, dc=atgreen,dc=org'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG ng >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG cn=compat, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'cn=ng' to schema-compat-container-rdn, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'cn=ng'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-container-rdn: >2012-07-23T15:33:32Z DEBUG cn=ng >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG ng >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG cn=compat, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'yes' to schema-compat-check-access, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'yes'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-container-rdn: >2012-07-23T15:33:32Z DEBUG cn=ng >2012-07-23T15:33:32Z DEBUG schema-compat-check-access: >2012-07-23T15:33:32Z DEBUG yes >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG ng >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG cn=compat, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'cn=ng, cn=alt, dc=atgreen,dc=org' to schema-compat-search-base, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'cn=ng, cn=alt, dc=atgreen,dc=org'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-check-access: >2012-07-23T15:33:32Z DEBUG yes >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG ng >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-container-rdn: >2012-07-23T15:33:32Z DEBUG cn=ng >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=ng, cn=alt, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG cn=compat, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: '(objectclass=ipaNisNetgroup)' to schema-compat-search-filter, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'(objectclass=ipaNisNetgroup)'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-check-access: >2012-07-23T15:33:32Z DEBUG yes >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG ng >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (objectclass=ipaNisNetgroup) >2012-07-23T15:33:32Z DEBUG schema-compat-container-rdn: >2012-07-23T15:33:32Z DEBUG cn=ng >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=ng, cn=alt, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG cn=compat, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'cn=%{cn}' to schema-compat-entry-rdn, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'cn=%{cn}'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-check-access: >2012-07-23T15:33:32Z DEBUG yes >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG ng >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (objectclass=ipaNisNetgroup) >2012-07-23T15:33:32Z DEBUG schema-compat-container-rdn: >2012-07-23T15:33:32Z DEBUG cn=ng >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=ng, cn=alt, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG cn=compat, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'objectclass=nisNetgroup' to schema-compat-entry-attribute, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'objectclass=nisNetgroup'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=nisNetgroup >2012-07-23T15:33:32Z DEBUG schema-compat-check-access: >2012-07-23T15:33:32Z DEBUG yes >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG ng >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (objectclass=ipaNisNetgroup) >2012-07-23T15:33:32Z DEBUG schema-compat-container-rdn: >2012-07-23T15:33:32Z DEBUG cn=ng >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=ng, cn=alt, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG cn=compat, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'memberNisNetgroup=%deref_r("member","cn")' to schema-compat-entry-attribute, current value ['objectclass=nisNetgroup'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=nisNetgroup', u'memberNisNetgroup=%deref_r("member","cn")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=nisNetgroup >2012-07-23T15:33:32Z DEBUG memberNisNetgroup=%deref_r("member","cn") >2012-07-23T15:33:32Z DEBUG schema-compat-check-access: >2012-07-23T15:33:32Z DEBUG yes >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG ng >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (objectclass=ipaNisNetgroup) >2012-07-23T15:33:32Z DEBUG schema-compat-container-rdn: >2012-07-23T15:33:32Z DEBUG cn=ng >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=ng, cn=alt, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG cn=compat, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})' to schema-compat-entry-attribute, current value ['objectclass=nisNetgroup', 'memberNisNetgroup=%deref_r("member","cn")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=nisNetgroup', 'memberNisNetgroup=%deref_r("member","cn")', u'nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","-",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","-"),%{nisDomainName:-})'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=nisNetgroup >2012-07-23T15:33:32Z DEBUG memberNisNetgroup=%deref_r("member","cn") >2012-07-23T15:33:32Z DEBUG nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-}) >2012-07-23T15:33:32Z DEBUG schema-compat-check-access: >2012-07-23T15:33:32Z DEBUG yes >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG ng >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (objectclass=ipaNisNetgroup) >2012-07-23T15:33:32Z DEBUG schema-compat-container-rdn: >2012-07-23T15:33:32Z DEBUG cn=ng >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=ng, cn=alt, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG cn=compat, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG Final value >2012-07-23T15:33:32Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=nisNetgroup >2012-07-23T15:33:32Z DEBUG memberNisNetgroup=%deref_r("member","cn") >2012-07-23T15:33:32Z DEBUG nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-}) >2012-07-23T15:33:32Z DEBUG schema-compat-check-access: >2012-07-23T15:33:32Z DEBUG yes >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG ng >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (objectclass=ipaNisNetgroup) >2012-07-23T15:33:32Z DEBUG schema-compat-container-rdn: >2012-07-23T15:33:32Z DEBUG cn=ng >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=ng, cn=alt, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG cn=compat, dc=atgreen,dc=org >2012-07-23T15:33:32Z INFO New entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG add: 'top' to objectClass, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'top'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG add: 'extensibleObject' to objectClass, current value ['top'] >2012-07-23T15:33:32Z DEBUG add: updated value ['top', u'extensibleObject'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG add: 'sudoers' to cn, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'sudoers'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG add: 'ou=SUDOers, dc=atgreen,dc=org' to schema-compat-container-group, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'ou=SUDOers, dc=atgreen,dc=org'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'cn=sudorules, cn=sudo, dc=atgreen,dc=org' to schema-compat-search-base, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'cn=sudorules, cn=sudo, dc=atgreen,dc=org'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: '(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))' to schema-compat-search-filter, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'cn=%{cn}' to schema-compat-entry-rdn, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'cn=%{cn}'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'objectclass=sudoRole' to schema-compat-entry-attribute, current value [] >2012-07-23T15:33:32Z DEBUG add: updated value [u'objectclass=sudoRole'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', u'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', u'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', u'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', u'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', u'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', u'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', u'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', u'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', u'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', u'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', u'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', u'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', u'sudoCommand=!%deref("memberDenyCmd","sudoCmd")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', u'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoRunAsUser=%{ipaSudoRunAsExtUser}' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', u'sudoRunAsUser=%{ipaSudoRunAsExtUser}'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%{ipaSudoRunAsExtUser} >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoRunAsUser=%deref("ipaSudoRunAs","uid")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%{ipaSudoRunAsExtUser}'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%{ipaSudoRunAsExtUser}', u'sudoRunAsUser=%deref("ipaSudoRunAs","uid")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%{ipaSudoRunAsExtUser} >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%deref("ipaSudoRunAs","uid") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%{ipaSudoRunAsExtUser}', 'sudoRunAsUser=%deref("ipaSudoRunAs","uid")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%{ipaSudoRunAsExtUser}', 'sudoRunAsUser=%deref("ipaSudoRunAs","uid")', u'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%{ipaSudoRunAsExtUser} >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%deref("ipaSudoRunAs","uid") >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%{ipaSudoRunAsExtUser}', 'sudoRunAsUser=%deref("ipaSudoRunAs","uid")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%{ipaSudoRunAsExtUser}', 'sudoRunAsUser=%deref("ipaSudoRunAs","uid")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', u'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%{ipaSudoRunAsExtUser} >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%deref("ipaSudoRunAs","uid") >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoRunAsGroup=%{ipaSudoRunAsExtGroup} >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoRunAsGroup=%deref("ipaSudoRunAs","cn")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%{ipaSudoRunAsExtUser}', 'sudoRunAsUser=%deref("ipaSudoRunAs","uid")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%{ipaSudoRunAsExtUser}', 'sudoRunAsUser=%deref("ipaSudoRunAs","uid")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}', u'sudoRunAsGroup=%deref("ipaSudoRunAs","cn")'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%{ipaSudoRunAsExtUser} >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%deref("ipaSudoRunAs","uid") >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoRunAsGroup=%{ipaSudoRunAsExtGroup} >2012-07-23T15:33:32Z DEBUG sudoRunAsGroup=%deref("ipaSudoRunAs","cn") >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG add: 'sudoOption=%{ipaSudoOpt}' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%{ipaSudoRunAsExtUser}', 'sudoRunAsUser=%deref("ipaSudoRunAs","uid")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}', 'sudoRunAsGroup=%deref("ipaSudoRunAs","cn")'] >2012-07-23T15:33:32Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%{ipaSudoRunAsExtUser}', 'sudoRunAsUser=%deref("ipaSudoRunAs","uid")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}', 'sudoRunAsGroup=%deref("ipaSudoRunAs","cn")', u'sudoOption=%{ipaSudoOpt}'] >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%{ipaSudoRunAsExtUser} >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%deref("ipaSudoRunAs","uid") >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoRunAsGroup=%{ipaSudoRunAsExtGroup} >2012-07-23T15:33:32Z DEBUG sudoRunAsGroup=%deref("ipaSudoRunAs","cn") >2012-07-23T15:33:32Z DEBUG sudoOption=%{ipaSudoOpt} >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG --------------------------------------------- >2012-07-23T15:33:32Z DEBUG Final value >2012-07-23T15:33:32Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2012-07-23T15:33:32Z DEBUG schema-compat-entry-attribute: >2012-07-23T15:33:32Z DEBUG objectclass=sudoRole >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") >2012-07-23T15:33:32Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%{ipaSudoRunAsExtUser} >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%deref("ipaSudoRunAs","uid") >2012-07-23T15:33:32Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") >2012-07-23T15:33:32Z DEBUG sudoRunAsGroup=%{ipaSudoRunAsExtGroup} >2012-07-23T15:33:32Z DEBUG sudoRunAsGroup=%deref("ipaSudoRunAs","cn") >2012-07-23T15:33:32Z DEBUG sudoOption=%{ipaSudoOpt} >2012-07-23T15:33:32Z DEBUG cn: >2012-07-23T15:33:32Z DEBUG sudoers >2012-07-23T15:33:32Z DEBUG objectClass: >2012-07-23T15:33:32Z DEBUG top >2012-07-23T15:33:32Z DEBUG extensibleObject >2012-07-23T15:33:32Z DEBUG schema-compat-search-filter: >2012-07-23T15:33:32Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2012-07-23T15:33:32Z DEBUG schema-compat-entry-rdn: >2012-07-23T15:33:32Z DEBUG cn=%{cn} >2012-07-23T15:33:32Z DEBUG schema-compat-search-base: >2012-07-23T15:33:32Z DEBUG cn=sudorules, cn=sudo, dc=atgreen,dc=org >2012-07-23T15:33:32Z DEBUG schema-compat-container-group: >2012-07-23T15:33:32Z DEBUG ou=SUDOers, dc=atgreen,dc=org >2012-07-23T15:33:33Z DEBUG duration: 0 seconds >2012-07-23T15:33:33Z DEBUG [34/35]: tuning directory server >2012-07-23T15:33:33Z DEBUG Backing up system configuration file '/etc/security/limits.conf' >2012-07-23T15:33:33Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2012-07-23T15:33:36Z DEBUG args=/sbin/service dirsrv restart ATGREEN-ORG >2012-07-23T15:33:36Z DEBUG stdout=Shutting down dirsrv: > ATGREEN-ORG...[60G[[0;32m OK [0;39m] >Starting dirsrv: > ATGREEN-ORG...[60G[[0;32m OK [0;39m] > >2012-07-23T15:33:36Z DEBUG stderr= >2012-07-23T15:33:36Z DEBUG args=/sbin/service dirsrv status ATGREEN-ORG >2012-07-23T15:33:36Z DEBUG stdout=dirsrv ATGREEN-ORG (pid 12596) is running... > >2012-07-23T15:33:36Z DEBUG stderr= >2012-07-23T15:33:36Z DEBUG args=/usr/bin/ldapmodify -h ipa.atgreen.org -v -f /tmp/tmp2WYjZp -x -D cn=Directory Manager -y /tmp/tmp9kniKi >2012-07-23T15:33:36Z DEBUG stdout=replace nsslapd-maxdescriptors: > 8192 >replace nsslapd-reservedescriptors: > 64 >modifying entry "cn=config" >modify complete > > >2012-07-23T15:33:36Z DEBUG stderr=ldap_initialize( ldap://ipa.atgreen.org ) > >2012-07-23T15:33:36Z DEBUG duration: 3 seconds >2012-07-23T15:33:36Z DEBUG [35/35]: configuring directory to start on boot >2012-07-23T15:33:36Z DEBUG args=/sbin/chkconfig dirsrv >2012-07-23T15:33:36Z DEBUG stdout= >2012-07-23T15:33:36Z DEBUG stderr= >2012-07-23T15:33:36Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2012-07-23T15:33:36Z DEBUG args=/sbin/chkconfig dirsrv off >2012-07-23T15:33:36Z DEBUG stdout= >2012-07-23T15:33:36Z DEBUG stderr= >2012-07-23T15:33:36Z DEBUG duration: 0 seconds >2012-07-23T15:33:36Z DEBUG done configuring dirsrv. >2012-07-23T15:33:36Z DEBUG args=/sbin/chkconfig pki-cad off >2012-07-23T15:33:36Z DEBUG stdout= >2012-07-23T15:33:36Z DEBUG stderr= >2012-07-23T15:33:36Z DEBUG entry=dn: cn=CA,cn=ipa.atgreen.org,cn=masters,cn=ipa,cn=etc,dc=atgreen,dc=org >cn: CA >ipaconfigstring: enabledService >ipaconfigstring: startOrder 50 >objectclass: nsContainer >objectclass: ipaConfigObject > > > File "/usr/sbin/ipa-server-install", line 1091, in <module> > rval = main() > > File "/usr/sbin/ipa-server-install", line 931, in main > util.realm_to_suffix(realm_name)) > > File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 311, in ldap_enable > self.admin_conn.addEntry(entry) > > File "/usr/lib/python2.6/site-packages/ipaserver/ipaldap.py", line 496, in addEntry > self.__handle_errors(e, arg_desc=arg_desc) > > File "/usr/lib/python2.6/site-packages/ipaserver/ipaldap.py", line 312, in __handle_errors > raise errors.NotFound(reason=arg_desc) >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=599821">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 842374
: 599821 |
599822
|
599831