[Freeipa-users] Unable to install KRA Replica - 4.8.7

I'm attempting to reinstall a replica that I had previously removed.  When I run ipa-replica-install and include the --setup-kra option, it eventually fails.  I've included the output of the ipa-replica-install command, and the only "bad" thing I can find is the following in the tomcat debug log: addConnector: Connector is already defined I've gone through and run ipa-healthcheck, all is well there. After uninstalling, I couldn't find any old references to the replica in the LDAP database.... the ipa-replica-install works fine if I do not include --setup-kra. Any help would be appreciated.  I'm happy to provide whatever additional logs that may be needed.  I've replaced my internal DNS suffix with 'example.com'. Thanks! - Dave Failed to configure KRA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'KRA', '-f', '/tmp/tmpf6kaucv2', '--debug'] returned non-zero exit status 1: 'INFO: Connecting to LDAP server at ldaps://ipa.example.com:636\nINFO: Connecting to LDAP server at ldaps://ipa.example.com:636\nINFO: Connecting to security domain at https://ipa.example.com:443\nINFO: Getting security domain info\nINFO: Logging into security domain IPA\nDEBUG: Installing Maven dependencies: False\nINFO: BEGIN spawning KRA subsystem in pki-tomcat instance\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Setting up pkiuser group\nINFO: Reusing existing pkiuser group with GID 17\nINFO: Setting up pkiuser user\nINFO: Reusing existing pkiuser user with UID 17\nDEBUG: Retrieving UID for \'pkiuser\'\nDEBUG: UID of \'pkiuser\' is 17\nDEBUG: Retrieving GID for \'pkiuser\'\nDEBUG: GID of \'pkiuser\' is 17\nINFO: Initialization\nINFO: Appending logs to /var/log/pki/pki-tomcat\nINFO: Setting up infrastructure\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/kra\nDEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat/kra\nDEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat/kra\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/kra\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/kra/default.cfg\nDEBUG: Command: cp -p /usr/share/pki/server/etc/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/kra/default.cfg\nDEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/kra/default.cfg\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/kra/default.cfg\nDEBUG: Command: touch /etc/sysconfig/pki/tomcat/pki-tomcat/kra/deployment.cfg\nDEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/kra/deployment.cfg\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/kra/deployment.cfg\nINFO: Creating /var/lib/pki/pki-tomcat\nINFO: Creating /var/lib/pki/pki-tomcat/kra\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/kra\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/kra\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/kra\nINFO: Preparing pki-tomcat instance\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Creating /etc/pki/pki-tomcat\nWARNING: Directory already exists: /etc/pki/pki-tomcat\nINFO: Creating /etc/pki/pki-tomcat/password.conf\nINFO: Reusing server NSS database password\nINFO: Using specified internal database password\nINFO: Reusing replication manager password\nINFO: Installing pki-tomcat instance\nINFO: Creating KRA subsystem\nINFO: Creating /var/log/pki/pki-tomcat/kra\nDEBUG: Command: mkdir /var/log/pki/pki-tomcat/kra\nINFO: Creating /var/log/pki/pki-tomcat/kra/archive\nDEBUG: Command: mkdir /var/log/pki/pki-tomcat/kra/archive\nINFO: Creating /var/log/pki/pki-tomcat/kra/signedAudit\nDEBUG: Command: mkdir /var/log/pki/pki-tomcat/kra/signedAudit\nINFO: Creating /etc/pki/pki-tomcat/kra\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/kra\nINFO: Creating /etc/pki/pki-tomcat/kra/CS.cfg\nDEBUG: Command: cp /usr/share/pki/kra/conf/CS.cfg /etc/pki/pki-tomcat/kra/CS.cfg\nINFO: Creating /etc/pki/pki-tomcat/kra/registry.cfg\nINFO: Creating /var/lib/pki/pki-tomcat/kra/conf\nDEBUG: Command: ln -s /etc/pki/pki-tomcat/kra /var/lib/pki/pki-tomcat/kra/conf\nINFO: Creating /var/lib/pki/pki-tomcat/kra/logs\nDEBUG: Command: ln -s /var/log/pki/pki-tomcat/kra /var/lib/pki/pki-tomcat/kra/logs\nINFO: Creating /var/lib/pki/pki-tomcat/kra/registry\nDEBUG: Command: ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/kra/registry\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Getting transport cert info from CS.cfg\nINFO: Getting storage cert info from CS.cfg\nINFO: Getting sslserver cert info from CS.cfg\nINFO: Getting subsystem cert info from CS.cfg\nINFO: Getting audit_signing cert info from CS.cfg\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO: Deploying /kra web application\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Creating /var/lib/pki/pki-tomcat/kra/webapps\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/kra/webapps\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/kra/webapps\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/kra/webapps\nINFO: Setting up ownerships, permissions, and ACLs on /var/lib/pki/pki-tomcat/kra/webapps\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/kra.xml\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Creating password file: /etc/pki/pki-tomcat/pfile\nINFO: Updating /etc/pki/pki-tomcat/password.conf\nDEBUG: Command: chmod 660 /etc/pki/pki-tomcat/password.conf\nDEBUG: Command: chown 17:17 /etc/pki/pki-tomcat/password.conf\nDEBUG: Command: ln -s /var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/kra/alias\nDEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /etc/pki/pki-tomcat/pfile pkcs12-import --pkcs12 /tmp/tmp3plm5h3l --password-file /tmp/tmpm1sa32dg/password.txt --debug\nINFO: Certificates in PKCS #12 file:\nINFO: Java command: /usr/lib/jvm/jre-openjdk/bin/java -cp /usr/share/pki/lib/* -Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties com.netscape.cmstools.cli.MainCLI -d /etc/pki/pki-tomcat/alias -C /etc/pki/pki-tomcat/pfile --debug pkcs12-cert-find --pkcs12 /tmp/tmp3plm5h3l --password-file /tmp/tmpm1sa32dg/password.txt --debug\nINFO: Server URL: https://ipa.example.com:8443\nINFO: Loading NSS password from /etc/pki/pki-tomcat/pfile\nINFO: NSS database: /etc/pki/pki-tomcat/alias\nINFO: Message format: null\nINFO: Command: pkcs12-cert-find --pkcs12 /tmp/tmp3plm5h3l --password-file /tmp/tmpm1sa32dg/password.txt --debug\nINFO: Module: pkcs12\nINFO: Module: cert\nINFO: Module: find\nINFO: Initializing NSS\nINFO: Logging into internal token\nINFO: Using internal token\nINFO: - auditSigningCert cert-pki-kra\nINFO: - caSigningCert cert-pki-ca\nINFO: - storageCert cert-pki-kra\nINFO: - subsystemCert cert-pki-ca\nINFO: - transportCert cert-pki-kra\nINFO: Importing CA certificates:\nINFO: - caSigningCert cert-pki-ca\nDEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile -n caSigningCert cert-pki-ca -a\nWARNING: Certificate already exists: caSigningCert cert-pki-ca\nINFO: Importing user certificates:\nINFO: - auditSigningCert cert-pki-kra\nINFO: - storageCert cert-pki-kra\nINFO: - subsystemCert cert-pki-ca\nINFO: - transportCert cert-pki-kra\nINFO: Java command: /usr/lib/jvm/jre-openjdk/bin/java -cp /usr/share/pki/lib/* -Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties com.netscape.cmstools.cli.MainCLI -d /etc/pki/pki-tomcat/alias -C /etc/pki/pki-tomcat/pfile --debug pkcs12-import --pkcs12 /tmp/tmp3plm5h3l --password-file /tmp/tmpm1sa32dg/password.txt --debug auditSigningCert cert-pki-kra storageCert cert-pki-kra subsystemCert cert-pki-ca transportCert cert-pki-kra\nINFO: Server URL: https://ipa.example.com:8443\nINFO: Loading NSS password from /etc/pki/pki-tomcat/pfile\nINFO: NSS database: /etc/pki/pki-tomcat/alias\nINFO: Message format: null\nINFO: Command: pkcs12-import --pkcs12 /tmp/tmp3plm5h3l --password-file /tmp/tmpm1sa32dg/password.txt --debug "auditSigningCert cert-pki-kra" "storageCert cert-pki-kra" "subsystemCert cert-pki-ca" "transportCert cert-pki-kra"\nINFO: Module: pkcs12\nINFO: Module: import\nINFO: Initializing NSS\nINFO: Logging into internal token\nINFO: Using internal token\nDEBUG: Command: certutil -M -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile -n auditSigningCert cert-pki-kra -t u,u,Pu\nDEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias\nDEBUG: Result of CA certificate export: \nINFO: Removing /etc/pki/pki-tomcat/pfile\nDEBUG: Command: rm -f /etc/pki/pki-tomcat/pfile\nINFO: Getting transport cert info from CS.cfg\nINFO: Getting storage cert info from CS.cfg\nINFO: Getting sslserver cert info from CS.cfg\nINFO: Getting subsystem cert info from CS.cfg\nINFO: Getting audit_signing cert info from CS.cfg\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO: Creating /root/.dogtag/pki-tomcat/kra\nDEBUG: Command: mkdir -p /root/.dogtag/pki-tomcat/kra\nDEBUG: Command: chmod 755 /root/.dogtag/pki-tomcat/kra\nDEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/kra\nINFO: Creating password file: /root/.dogtag/pki-tomcat/kra/password.conf\nINFO: Updating /root/.dogtag/pki-tomcat/kra/password.conf\nDEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/kra/password.conf\nDEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/kra/password.conf\nINFO: Storing PKCS #12 password in /root/.dogtag/pki-tomcat/kra/pkcs12_password.conf\nINFO: Updating /root/.dogtag/pki-tomcat/kra/pkcs12_password.conf\nDEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/kra/pkcs12_password.conf\nDEBUG: Command: chown 17:17 /root/.dogtag/pki-tomcat/kra/pkcs12_password.conf\nWARNING: Directory already exists: /var/lib/ipa/tmp-6ae9ficu\nDEBUG: Command: certutil -N -d /var/lib/ipa/tmp-6ae9ficu -f /root/.dogtag/pki-tomcat/kra/password.conf\nINFO: Creating SELinux contexts\nINFO: Generating system keys\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Configuring subsystem\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nDEBUG: Setting ephemeral requests to true\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO: Importing sslserver cert data from CA\nINFO: Importing subsystem cert data from CA\nINFO: Importing sslserver request data from CA\nINFO: Importing subsystem request data from CA\nINFO: Joining existing domain\nINFO: Getting install token\nINFO: Using CA at https://ipa.example.com:443\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO: Reusing replicated database\nINFO: Initializing database\nDEBUG: Command: sudo -u pkiuser /usr/lib/jvm/jre-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/kra/webapps/kra/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI kra-db-init --setup-schema --setup-db-manager --setup-vlv-indexes --debug\nINFO: Loading /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Initializing database ipaca for o=kra,o=ipaca\nINFO: Creating com.netscape.cmsutil.password.PlainPasswordFile\nFINE: PlainPasswordFile: Initializing PlainPasswordFile\nFINE: LdapAuthInfo: init()\nFINE: LdapAuthInfo: init begins\nFINE: LdapAuthInfo: init ends\nFINE: TCP Keep-Alive: true\nFINE: LdapAuthInfo: init: prompt is internaldb\nFINE: LdapAuthInfo: init: try getting from memory cache\nFINE: LdapAuthInfo: init: password not in memory\nFINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store\nFINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb\nFINE: LdapAuthInfo: getPasswordFromStore: password store available\nFINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store\nFINE: LdapAuthInfo: password ok: store in memory cache\nFINE: LdapBoundConnection: Connecting to ipa.example.com:636 with basic auth as cn=Directory Manager\nFINE: ldapconn/PKISocketFactory.makeSSLSocket: begins\nFINE: PKIClientSocketListener.handshakeCompleted: begins\nFINE: Handshake completed:\nFINE: - client: 10.1.1.7\nFINE: - server: 10.1.1.7\nFINE: - subject: SYSTEM\nFINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_ESTABLISH\nFINE: PKIClientSocketListener.handshakeCompleted: CS_CLIENT_ACCESS_SESSION_ESTABLISH_SUCCESS\nFINE: PKIClientSocketListener.handshakeCompleted: clientIP=10.1.1.7 serverIP=10.1.1.7 serverPort=636\nFINE: SSL handshake happened\nINFO: Configuring directory\nINFO: Importing /usr/share/pki/server/conf/database.ldif\nINFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-549427834453303422.ldif\nINFO: Modifying cn=config\nINFO: - replacing nsslapd-maxbersize: 209715200\nINFO: Enabling USN\nINFO: Importing /usr/share/pki/server/conf/usn.ldif\nINFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-784255222034676900.ldif\nINFO: Modifying cn=USN,cn=plugins,cn=config\nINFO: - replacing nsslapd-pluginenabled: on\nINFO: Setting up PKI schema\nINFO: Importing /usr/share/pki/server/conf/schema.ldif\nINFO: Adding attributetypes: ( usertype-oid NAME \'usertype\' DESC \'Distinguish whether the user is administrator, agent or subsystem.\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( userstate-oid NAME \'userstate\' DESC \'Distinguish whether the user is administrator, agent or subsystem.\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( cmsuser-oid NAME \'cmsuser\' DESC \'CMS User\' SUP top STRUCTURAL MUST usertype MAY userstate X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( archivedBy-oid NAME \'archivedBy\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( adminMessages-oid NAME \'adminMessages\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( algorithm-oid NAME \'algorithm\' DESC \'CMS defined attribute\'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( algorithmId-oid NAME \'algorithmId\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( signingAlgorithmId-oid NAME \'signingAlgorithmId\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( autoRenew-oid NAME \'autoRenew\' DESC \'CMS defined attribute\'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( certStatus-oid NAME \'certStatus\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( crlName-oid NAME \'crlName\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( crlSize-oid NAME \'crlSize\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( deltaSize-oid NAME \'deltaSize\' DESC \'CMS defined attribute\'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( crlNumber-oid NAME \'crlNumber\' DESC \'CMS defined attribute\'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( deltaNumber-oid NAME \'deltaNumber\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( firstUnsaved-oid NAME \'firstUnsaved\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( crlCache-oid NAME \'crlCache\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( revokedCerts-oid NAME \'revokedCerts\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( unrevokedCerts-oid NAME \'unrevokedCerts\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( expiredCerts-oid NAME \'expiredCerts\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( crlExtensions-oid NAME \'crlExtensions\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( dateOfArchival-oid NAME \'dateOfArchival\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( dateOfRecovery-oid NAME \'dateOfRecovery\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( dateOfRevocation-oid NAME \'dateOfRevocation\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( dateOfCreate-oid NAME \'dateOfCreate\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( dateOfModify-oid NAME \'dateOfModify\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( duration-oid NAME \'duration\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( extension-oid NAME \'extension\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( issuedBy-oid NAME \'issuedBy\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( issueInfo-oid NAME \'issueInfo\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( issuerName-oid NAME \'issuerName\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( keySize-oid NAME \'keySize\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( clientId-oid NAME \'clientId\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( dataType-oid NAME \'dataType\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( status-oid NAME \'status\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( keyState-oid NAME \'keyState\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( metaInfo-oid NAME \'metaInfo\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( nextUpdate-oid NAME \'nextUpdate\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( notAfter-oid NAME \'notAfter\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( notBefore-oid NAME \'notBefore\' DESC \'CMS defined attribute\'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( ownerName-oid NAME \'ownerName\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( password-oid NAME \'password\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( p12Expiration-oid NAME \'p12Expiration\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( proofOfArchival-oid NAME \'proofOfArchival\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( publicKeyData-oid NAME \'publicKeyData\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( publicKeyFormat-oid NAME \'publicKeyFormat\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( privateKeyData-oid NAME \'privateKeyData\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( requestId-oid NAME \'requestId\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( requestInfo-oid NAME \'requestInfo\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( requestState-oid NAME \'requestState\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( requestResult-oid NAME \'requestResult\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( requestOwner-oid NAME \'requestOwner\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( requestAgentGroup-oid NAME \'requestAgentGroup\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( requestSourceId-oid NAME \'requestSourceId\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( requestType-oid NAME \'requestType\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( requestFlag-oid NAME \'requestFlag\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( requestError-oid NAME \'requestError\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( resourceACLS-oid NAME \'resourceACLS\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( revInfo-oid NAME \'revInfo\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( revokedBy-oid NAME \'revokedBy\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( revokedOn-oid NAME \'revokedOn\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( serialno-oid NAME \'serialno\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( nextRange-oid NAME \'nextRange\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( publishingStatus-oid NAME \'publishingStatus\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( beginRange-oid NAME \'beginRange\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( endRange-oid NAME \'endRange\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( subjectName-oid NAME \'subjectName\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( sessionContext-oid NAME \'sessionContext\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( thisUpdate-oid NAME \'thisUpdate\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( transId-oid NAME \'transId\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( transStatus-oid NAME \'transStatus\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( transName-oid NAME \'transName\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( transOps-oid NAME \'transOps\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( userDN-oid NAME \'userDN\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( userMessages-oid NAME \'userMessages\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( version-oid NAME \'version\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( Clone-oid NAME \'Clone\'  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( DomainManager-oid NAME \'DomainManager\'  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( SecurePort-oid NAME \'SecurePort\'  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( SecureAgentPort-oid NAME \'SecureAgentPort\'  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( SecureAdminPort-oid NAME \'SecureAdminPort\'  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( SecureEEClientAuthPort-oid NAME \'SecureEEClientAuthPort\'  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( UnSecurePort-oid NAME \'UnSecurePort\'  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( SubsystemName-oid NAME \'SubsystemName\'  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( cmsUserGroup-oid NAME \'cmsUserGroup\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( realm-oid NAME \'realm\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( CertACLS-oid NAME \'CertACLS\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( repository-oid NAME \'repository\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST ou MAY ( serialno $ description $ nextRange $ publishingStatus ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( request-oid NAME \'request\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST cn MAY ( requestId $ dateOfCreate $ dateOfModify $ requestState $ requestResult $ requestOwner $ requestAgentGroup $ requestSourceId $ requestType $ requestFlag $ requestError $ userMessages $ adminMessages $ realm ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( transaction-oid NAME \'transaction\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST cn MAY ( transId $ description $ transName $ transStatus $ transOps ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( crlIssuingPointRecord-oid NAME \'crlIssuingPointRecord\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ crlNumber $ crlSize $ thisUpdate $ nextUpdate $ deltaNumber $ deltaSize $ firstUnsaved $ certificateRevocationList $ deltaRevocationList $ crlCache $ revokedCerts $ unrevokedCerts $ expiredCerts $ cACertificate ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( certificateRecord-oid NAME \'certificateRecord\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ certStatus $ autoRenew $ issueInfo $ metaInfo $ revInfo $ version $ duration $ notAfter $ notBefore $ algorithmId $ subjectName $ signingAlgorithmId $ userCertificate $ issuedBy $ revokedBy $ revokedOn $ extension $ publicKeyData $ issuerName ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( userDetails-oid NAME \'userDetails\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST userDN MAY ( dateOfCreate $ dateOfModify $ password $ p12Expiration ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( keyRecord-oid NAME \'keyRecord\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ keyState $ privateKeyData $ ownerName $ keySize $ metaInfo $ dateOfArchival $ dateOfRecovery $ algorithm $ publicKeyFormat $ publicKeyData $ archivedBy $ clientId $ dataType $ status $ realm ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( pkiSecurityDomain-oid NAME \'pkiSecurityDomain\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST ( ou $ name ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( pkiSecurityGroup-oid NAME \'pkiSecurityGroup\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST cn X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( pkiSubsystem-oid NAME \'pkiSubsystem\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $SecureEEClientAuthPort $ UnSecurePort ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( pkiRange-oid NAME \'pkiRange\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST ( cn $ beginRange $ endRange $ Host $ SecurePort ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( securityDomainSessionEntry-oid NAME \'securityDomainSessionEntry\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST ( cn $ host $ uid $ cmsUserGroup $ dateOfCreate ) X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( dateOfCreate-oid NAME \'dateOfCreate\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( dateOfModify-oid NAME \'dateOfModify\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( modified-oid NAME \'modified\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenUserID-oid NAME \'tokenUserID\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenStatus-oid NAME \'tokenStatus\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenAppletID-oid NAME \'tokenAppletID\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( keyInfo-oid NAME \'keyInfo\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( numberOfResets-oid NAME \'numberOfResets\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( numberOfEnrollments-oid NAME \'numberOfEnrollments\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( numberOfRenewals-oid NAME \'numberOfRenewals\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( numberOfRecoveries-oid NAME \'numberOfRecoveries\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( allowPinReset-oid NAME \'allowPinReset\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( extensions-oid NAME \'extensions\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenOp-oid NAME \'tokenOp\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenID-oid NAME \'tokenID\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenMsg-oid NAME \'tokenMsg\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenResult-oid NAME \'tokenResult\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenIP-oid NAME \'tokenIP\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenPolicy-oid NAME \'tokenPolicy\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenIssuer-oid NAME \'tokenIssuer\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenSubject-oid NAME \'tokenSubject\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenSerial-oid NAME \'tokenSerial\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenOrigin-oid NAME \'tokenOrigin\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenType-oid NAME \'tokenType\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenKeyType-oid NAME \'tokenKeyType\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenReason-oid NAME \'tokenReason\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenNotBefore-oid NAME \'tokenNotBefore\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenNotAfter-oid NAME \'tokenNotAfter\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( profileID-oid NAME \'profileID\' DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( tokenRecord-oid NAME \'tokenRecord\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ modified $ tokenReason $ tokenUserID $ tokenStatus $ tokenAppletID $ keyInfo $ tokenPolicy $ extensions $ numberOfResets $ numberOfEnrollments $ numberOfRenewals $ numberOfRecoveries $ userCertificate $ tokenType ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( tokenActivity-oid NAME \'tokenActivity\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ tokenOp $ tokenIP $ tokenResult $ tokenID $ tokenUserID $ tokenMsg $ extensions $ tokenType ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( tokenCert-oid NAME \'tokenCert\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ userCertificate $ tokenUserID $ tokenID $ tokenIssuer $ tokenOrigin $ tokenSubject $ tokenSerial $ tokenStatus $ tokenType $ tokenKeyType $ tokenNotBefore $ tokenNotAfter $ extensions ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( tpsProfileID-oid NAME \'tpsProfileID\' DESC \'CMS defined class\' SUP top AUXILIARY MAY ( profileID ) X-ORIGIN \'user-defined\' )\nINFO: Adding attributetypes: ( classId-oid NAME \'classId\' DESC \'Certificate profile class ID\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( certProfileConfig-oid NAME \'certProfileConfig\' DESC \'Certificate profile configuration\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( certProfile-oid NAME \'certProfile\' DESC \'Certificate profile\' SUP top STRUCTURAL MUST cn MAY ( classId $ certProfileConfig ) X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( authorityID-oid NAME \'authorityID\' DESC \'Authority ID\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( authorityKeyNickname-oid NAME \'authorityKeyNickname\' DESC \'Authority key nickname\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN \'user-defined\' )\nINFO: Adding attributetypes: ( authorityParentID-oid NAME \'authorityParentID\' DESC \'Authority Parent ID\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( authorityEnabled-oid NAME \'authorityEnabled\' DESC \'Authority Enabled\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( authorityDN-oid NAME \'authorityDN\' DESC \'Authority DN\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( authoritySerial-oid NAME \'authoritySerial\' DESC \'Authority certificate serial number\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( authorityParentDN-oid NAME \'authorityParentDN\' DESC \'Authority Parent DN\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( authorityKeyHost-oid NAME \'authorityKeyHost\' DESC \'Authority Key Hosts\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: ( authority-oid NAME \'authority\' DESC \'Certificate Authority\' SUP top STRUCTURAL MUST ( cn $ authorityID $ authorityKeyNickname $ authorityEnabled $ authorityDN ) MAY ( authoritySerial $ authorityParentID $ authorityParentDN $ authorityKeyHost $ description ) X-ORIGIN \'user defined\' )\nINFO: Setting up ACME schema\nINFO: Importing /usr/share/pki/acme/database/ldap/schema.ldif\nINFO: Adding attributetypes: ( acmeExpires-oid NAME \'acmeExpires\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE-VALUE )\nINFO: Adding attributetypes: ( acmeValidatedAt-oid NAME \'acmeValidatedAt\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE-VALUE )\nINFO: Adding attributetypes: ( acmeStatus-oid NAME \'acmeStatus\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SINGLE-VALUE )\nINFO: Adding attributetypes: ( acmeError-oid NAME \'acmeError\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )\nINFO: Adding attributetypes: ( acmeNonceId-oid NAME \'acmeNonceId\' SUP name SINGLE-VALUE )\nINFO: Adding attributetypes: ( acmeAccountId-oid NAME \'acmeAccountId\' SUP name SINGLE-VALUE )\nINFO: Adding attributetypes: ( acmeAccountContact-oid NAME \'acmeAccountContact\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch )\nINFO: Adding attributetypes: ( acmeAccountKey-oid NAME \'acmeAccountKey\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )\nINFO: Adding attributetypes: ( acmeOrderId-oid NAME \'acmeOrderId\' SUP name SINGLE-VALUE )\nINFO: Adding attributetypes: ( acmeIdentifier-oid NAME \'acmeIdentifier\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch )\nINFO: Adding attributetypes: ( acmeAuthorizationId-oid NAME \'acmeAuthorizationId\' SUP name )\nINFO: Adding attributetypes: ( acmeAuthorizationWildcard-oid NAME \'acmeAuthorizationWildcard\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 EQUALITY booleanMatch SINGLE-VALUE )\nINFO: Adding attributetypes: ( acmeChallengeId-oid NAME \'acmeChallengeId\' SUP name SINGLE-VALUE )\nINFO: Adding attributetypes: ( acmeToken-oid NAME \'acmeToken\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )\nINFO: Adding attributetypes: ( acmeCertificateId-oid NAME \'acmeCertificateId\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseExactMatch SINGLE-VALUE )\nINFO: Adding objectclasses: ( acmeNonce-oid NAME \'acmeNonce\' STRUCTURAL MUST ( acmeNonceId $ acmeExpires ) )\nINFO: Adding objectclasses: ( acmeAccount-oid NAME \'acmeAccount\' STRUCTURAL MUST ( acmeAccountId $ acmeAccountKey $ acmeStatus ) MAY acmeAccountContact )\nINFO: Adding objectclasses: ( acmeOrder-oid NAME \'acmeOrder\' STRUCTURAL MUST ( acmeOrderId $ acmeAccountId $ acmeStatus $ acmeIdentifier $ acmeAuthorizationId ) MAY ( acmeError $ acmeCertificateId $ acmeExpires ) )\nINFO: Adding objectclasses: ( acmeAuthorization-oid NAME \'acmeAuthorization\' STRUCTURAL MUST ( acmeAuthorizationId $ acmeAccountId $ acmeIdentifier $ acmeAuthorizationWildcard $ acmeStatus ) MAY acmeExpires )\nINFO: Adding objectclasses: ( acmeChallenge-oid NAME \'acmeChallenge\' ABSTRACT MUST ( acmeChallengeId $ acmeAccountId $ acmeAuthorizationId $ acmeStatus ) MAY ( acmeValidatedAt $ acmeError ) )\nINFO: Adding objectclasses: ( acmeChallengeDns01-oid NAME \'acmeChallengeDns01\' SUP acmeChallenge STRUCTURAL MUST acmeToken )\nINFO: Adding objectclasses: ( acmeChallengeHttp01-oid NAME \'acmeChallengeHttp01\' SUP acmeChallenge STRUCTURAL MUST acmeToken )\nINFO: Adding objectclasses: ( acmeCertificate-oid NAME \'acmeCertificate\' STRUCTURAL MUST ( acmeCertificateId $ userCertificate ) MAY acmeExpires )\nINFO: Creating indexes\nINFO: Importing /usr/share/pki/kra/conf/index.ldif\nINFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-25296192129415365.ldif\nINFO: Adding cn=revokedby,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=revokedby,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=issuedby,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=issuedby,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=publicKeyData,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=publicKeyData,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=clientId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=clientId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=dataType,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=dataType,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=status,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=status,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=description,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=description,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=serialno,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=serialno,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=metaInfo,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=metaInfo,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=certstatus,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=certstatus,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=requestid,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=requestid,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=requesttype,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=requesttype,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=requeststate,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=requeststate,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=requestowner,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=requestowner,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=notbefore,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=notbefore,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=notafter,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=notafter,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=duration,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=duration,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=dateOfCreate,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=dateOfCreate,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=revokedOn,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=revokedOn,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=archivedBy,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=archivedBy,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=ownername,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=ownername,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=subjectname,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=subjectname,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=requestsourceid,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=requestsourceid,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=revInfo,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=revInfo,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=extension,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nWARNING: Unable to add cn=extension,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Adding cn=realm,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config\nINFO: Setting up database manager\nINFO: Importing /usr/share/pki/server/conf/manager.ldif\nINFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-3984013368624234966.ldif\nINFO: Adding ou=csusers,cn=config\nWARNING: Unable to add ou=csusers,cn=config: netscape.ldap.LDAPException: error result (68); Already exists\nINFO: Modifying o=kra,o=ipaca\nINFO: - adding aci: (targetattr = "*")(version 3.0; acl "cert manager access v2"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nWARNING: Unable to modify o=kra,o=ipaca: netscape.ldap.LDAPException: error result (20); Type or value exists\nINFO: Modifying cn=ldbm database,cn=plugins,cn=config\nINFO: - adding aci: (targetattr = "*")(version 3.0; acl "Cert Manager access for VLV searches"; allow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nINFO: Modifying cn=config\nINFO: - adding aci: (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nINFO: Modifying ou=csusers,cn=config\nINFO: - adding aci: (targetattr != "aci")(version 3.0; aci "cert manager manage replication users"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nINFO: Modifying cn="o=kra,o=ipaca",cn=mapping tree,cn=config\nINFO: - adding aci: (targetattr = "*")(version 3.0;acl "cert manager: Add Replication Agreements";allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nWARNING: Unable to modify cn="o=kra,o=ipaca",cn=mapping tree,cn=config: netscape.ldap.LDAPException: error result (32); No such object\nINFO: Modifying cn="o=kra,o=ipaca",cn=mapping tree,cn=config\nINFO: - adding aci: (targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agreements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nWARNING: Unable to modify cn="o=kra,o=ipaca",cn=mapping tree,cn=config: netscape.ldap.LDAPException: error result (32); No such object\nINFO: Modifying cn="o=kra,o=ipaca",cn=mapping tree,cn=config\nINFO: - adding aci: (targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nWARNING: Unable to modify cn="o=kra,o=ipaca",cn=mapping tree,cn=config: netscape.ldap.LDAPException: error result (32); No such object\nINFO: Modifying cn=tasks,cn=config\nINFO: - adding aci: (targetattr = "*")(version 3.0; acl "cert manager: Run tasks after replica re-initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nINFO: Creating VLV indexes\nINFO: Importing /usr/share/pki/kra/conf/vlv.ldif\nINFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-1261970238527115258.ldif\nINFO: Adding cn=allKeys-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraAll-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraArchival-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraRecovery-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraCanceled-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraCanceledEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraCanceledRecovery-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraRejected-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraRejectedEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraRejectedRecovery-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraComplete-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraCompleteEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraCompleteRecovery-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=allKeys-pki-tomcatIndex, cn=allKeys-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraAll-pki-tomcatIndex, cn=kraAll-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraArchival-pki-tomcatIndex, cn=kraArchival-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraRecovery-pki-tomcatIndex, cn=kraRecovery-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraCanceled-pki-tomcatIndex, cn=kraCanceled-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraCanceledEnrollment-pki-tomcatIndex, cn=kraCanceledEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraCanceledRecovery-pki-tomcatIndex, cn=kraCanceledRecovery-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraRejected-pki-tomcatIndex, cn=kraRejected-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraRejectedEnrollment-pki-tomcatIndex, cn=kraRejectedEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraRejectedRecovery-pki-tomcatIndex, cn=kraRejectedRecovery-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraComplete-pki-tomcatIndex, cn=kraComplete-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraCompleteEnrollment-pki-tomcatIndex, cn=kraCompleteEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding cn=kraCompleteRecovery-pki-tomcatIndex, cn=kraCompleteRecovery-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Rebuilding VLV indexes\nINFO: Creating /var/lib/pki/pki-tomcat/temp/pki-kra-reindex-8248341685647863582.ldif\nINFO: Adding cn=index1160527115, cn=index, cn=tasks, cn=config\nINFO: Waiting for task cn=index1160527115, cn=index, cn=tasks, cn=config (1s)\nINFO: Getting cn=index1160527115, cn=index, cn=tasks, cn=config\nINFO: Task cn=index1160527115, cn=index, cn=tasks, cn=config complete\nFINE: PKIClientSocketListener.alertReceived: begins\nFINE: SSL alert received:\nFINE: - reason: CLOSE_NOTIFY\nFINE: - client: 10.1.1.7\nFINE: - server: 10.1.1.7\nFINE: - subject: SYSTEM\nFINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_TERMINATED\nFINE: PKIClientSocketListener.alertReceived: CS_CLIENT_ACCESS_SESSION_TERMINATED\nFINE: PKIClientSocketListener.alertReceived: clientIP=10.1.1.7 serverIP=10.1.1.7 serverPort=636 reason=CLOSE_NOTIFY\nFINE: PKIClientSocketListener.alertSent: begins\nFINE: PKIClientSocketListener.alertSent: got description:0\nFINE: PKIClientSocketListener.alertSent: got reason:CLOSE_NOTIFY\nFINE: PKIClientSocketListener.alertSent: CS_CLIENT_ACCESS_SESSION_TERMINATED\nFINE: PKIClientSocketListener.alertSent: clientIP=10.1.1.7 serverIP=10.1.1.7 serverPort=636 reason=CLOSE_NOTIFY\nFINE: SSL alert sent:\nFINE: - reason: CLOSE_NOTIFY\nFINE: - client: 10.1.1.7\nFINE: - server: 10.1.1.7\nFINE: - subject: SYSTEM\nFINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_TERMINATED\nFINE: PKIClientSocketListener.alertSent: CS_CLIENT_ACCESS_SESSION_ESTABLISH_FAILURE\nFINE: PKIClientSocketListener.alertSent: clientIP=10.1.1.7 serverIP=10.1.1.7 serverPort=636 reason=CLOSE_NOTIFY\nINFO: Updating ranges for KRA clone\nINFO: Updating request ID range\nDEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf -U https://ipa2.example.com:443 kra-range-request request --session 7645071616159216931 --output-format json --debug\nINFO: Connecting to https://ipa2.example.com:443\nINFO: HTTP request: GET /pki/rest/info HTTP/1.1\nINFO:   Accept: application/xml\nINFO:   Host: ipa2.example.com:443\nINFO:   Connection: Keep-Alive\nINFO:   User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_272)\nINFO: Server certificate: CN=ipa2.example.com,O=example.com\nINFO: HTTP response: HTTP/1.1 404 Not Found\nINFO:   Date: Sun, 29 Nov 2020 07:38:24 GMT\nINFO:   Server: Apache/2.4.43 (Fedora) OpenSSL/1.1.1g mod_wsgi/4.6.6 Python/3.7 mod_auth_gssapi/1.6.1\nINFO:   Content-Length: 196\nINFO:   Keep-Alive: timeout=30, max=100\nINFO:   Connection: Keep-Alive\nINFO:   Content-Type: text/html; charset=iso-8859-1\nWARNING: Unable to get server info: Not Found\nINFO: Requesting request range\nINFO: HTTP request: POST /kra/admin/kra/updateNumberRange HTTP/1.1\nINFO:   Content-Type: application/x-www-form-urlencoded\nINFO:   Content-Length: 57\nINFO:   Host: ipa2.example.com:443\nINFO:   Connection: Keep-Alive\nINFO:   User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_272)\nINFO: HTTP response: HTTP/1.1 200 200\nINFO:   Date: Sun, 29 Nov 2020 07:38:25 GMT\nINFO:   Server: Apache/2.4.43 (Fedora) OpenSSL/1.1.1g mod_wsgi/4.6.6 Python/3.7 mod_auth_gssapi/1.6.1\nINFO:   Content-Type: application/xml\nINFO:   Content-Length: 165\nINFO:   Keep-Alive: timeout=30, max=99\nINFO:   Connection: Keep-Alive\nFINE: Response: <?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><Status>0</Status><beginNumber>99980001</beginNumber><endNumber>99990000</endNumber></XMLResponse>\nFINE: Status: 0\nINFO: Begin: 99980001\nINFO: End: 99990000\nINFO: Updating serial number range\nDEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf -U https://ipa2.example.com:443 kra-range-request serialNo --session 7645071616159216931 --output-format json --debug\nINFO: Connecting to https://ipa2.example.com:443\nINFO: HTTP request: GET /pki/rest/info HTTP/1.1\nINFO:   Accept: application/xml\nINFO:   Host: ipa2.example.com:443\nINFO:   Connection: Keep-Alive\nINFO:   User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_272)\nINFO: Server certificate: CN=ipa2.example.com,O=example.com\nINFO: HTTP response: HTTP/1.1 404 Not Found\nINFO:   Date: Sun, 29 Nov 2020 07:38:28 GMT\nINFO:   Server: Apache/2.4.43 (Fedora) OpenSSL/1.1.1g mod_wsgi/4.6.6 Python/3.7 mod_auth_gssapi/1.6.1\nINFO:   Content-Length: 196\nINFO:   Keep-Alive: timeout=30, max=100\nINFO:   Connection: Keep-Alive\nINFO:   Content-Type: text/html; charset=iso-8859-1\nWARNING: Unable to get server info: Not Found\nINFO: Requesting serialNo range\nINFO: HTTP request: POST /kra/admin/kra/updateNumberRange HTTP/1.1\nINFO:   Content-Type: application/x-www-form-urlencoded\nINFO:   Content-Length: 58\nINFO:   Host: ipa2.example.com:443\nINFO:   Connection: Keep-Alive\nINFO:   User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_272)\nINFO: HTTP response: HTTP/1.1 200 200\nINFO:   Date: Sun, 29 Nov 2020 07:38:29 GMT\nINFO:   Server: Apache/2.4.43 (Fedora) OpenSSL/1.1.1g mod_wsgi/4.6.6 Python/3.7 mod_auth_gssapi/1.6.1\nINFO:   Content-Type: application/xml\nINFO:   Content-Length: 167\nINFO:   Keep-Alive: timeout=30, max=99\nINFO:   Connection: Keep-Alive\nFINE: Response: <?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><Status>0</Status><beginNumber>11ffe0001</beginNumber><endNumber>11fff0000</endNumber></XMLResponse>\nFINE: Status: 0\nINFO: Begin: 11ffe0001\nINFO: End: 11fff0000\nINFO: Updating replica ID range\nDEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf -U https://ipa2.example.com:443 kra-range-request replicaId --session 7645071616159216931 --output-format json --debug\nINFO: Connecting to https://ipa2.example.com:443\nINFO: HTTP request: GET /pki/rest/info HTTP/1.1\nINFO:   Accept: application/xml\nINFO:   Host: ipa2.example.com:443\nINFO:   Connection: Keep-Alive\nINFO:   User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_272)\nINFO: Server certificate: CN=ipa2.example.com,O=example.com\nINFO: HTTP response: HTTP/1.1 404 Not Found\nINFO:   Date: Sun, 29 Nov 2020 07:38:32 GMT\nINFO:   Server: Apache/2.4.43 (Fedora) OpenSSL/1.1.1g mod_wsgi/4.6.6 Python/3.7 mod_auth_gssapi/1.6.1\nINFO:   Content-Length: 196\nINFO:   Keep-Alive: timeout=30, max=100\nINFO:   Connection: Keep-Alive\nINFO:   Content-Type: text/html; charset=iso-8859-1\nWARNING: Unable to get server info: Not Found\nINFO: Requesting replicaId range\nINFO: HTTP request: POST /kra/admin/kra/updateNumberRange HTTP/1.1\nINFO:   Content-Type: application/x-www-form-urlencoded\nINFO:   Content-Length: 59\nINFO:   Host: ipa2.example.com:443\nINFO:   Connection: Keep-Alive\nINFO:   User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_272)\nINFO: HTTP response: HTTP/1.1 200 200\nINFO:   Date: Sun, 29 Nov 2020 07:38:32 GMT\nINFO:   Server: Apache/2.4.43 (Fedora) OpenSSL/1.1.1g mod_wsgi/4.6.6 Python/3.7 mod_auth_gssapi/1.6.1\nINFO:   Content-Type: application/xml\nINFO:   Content-Length: 157\nINFO:   Keep-Alive: timeout=30, max=99\nINFO:   Connection: Keep-Alive\nFINE: Response: <?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><Status>0</Status><beginNumber>1285</beginNumber><endNumber>1289</endNumber></XMLResponse>\nFINE: Status: 0\nINFO: Begin: 1285\nINFO: End: 1289\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO: Updating configuration for KRA clone\nINFO: Updating configuration\nDEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf -U https://ipa2.example.com:443 kra-config-export --names internaldb.ldapauth.password,internaldb.replication.password,cloning.ca.type --substores internaldb,internaldb.ldapauth,internaldb.ldapconn,kra.transport,kra.storage,kra.subsystem,kra.audit_signing --session 7645071616159216931 --output-format json --debug\nINFO: Connecting to https://ipa2.example.com:443\nINFO: HTTP request: GET /pki/rest/info HTTP/1.1\nINFO:   Accept: application/xml\nINFO:   Host: ipa2.example.com:443\nINFO:   Connection: Keep-Alive\nINFO:   User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_272)\nINFO: Server certificate: CN=ipa2.example.com,O=example.com\nINFO: HTTP response: HTTP/1.1 404 Not Found\nINFO:   Date: Sun, 29 Nov 2020 07:38:36 GMT\nINFO:   Server: Apache/2.4.43 (Fedora) OpenSSL/1.1.1g mod_wsgi/4.6.6 Python/3.7 mod_auth_gssapi/1.6.1\nINFO:   Content-Length: 196\nINFO:   Keep-Alive: timeout=30, max=100\nINFO:   Connection: Keep-Alive\nINFO:   Content-Type: text/html; charset=iso-8859-1\nWARNING: Unable to get server info: Not Found\nINFO: Getting configuration properties\nINFO: HTTP request: POST /kra/admin/kra/getConfigEntries HTTP/1.1\nINFO:   Content-Type: application/x-www-form-urlencoded\nINFO:   Content-Length: 269\nINFO:   Host: ipa2.example.com:443\nINFO:   Connection: Keep-Alive\nINFO:   User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_272)\nINFO: HTTP response: HTTP/1.1 200 200\nINFO:   Date: Sun, 29 Nov 2020 07:38:36 GMT\nINFO:   Server: Apache/2.4.43 (Fedora) OpenSSL/1.1.1g mod_wsgi/4.6.6 Python/3.7 mod_auth_gssapi/1.6.1\nINFO:   Content-Type: application/xml\nINFO:   Content-Length: 10909\nINFO:   Keep-Alive: timeout=30, max=99\nINFO:   Connection: Keep-Alive\nFINE: Status: 0\nINFO: Properties:\nINFO: - internaldb._000\nINFO: - internaldb._001\nINFO: - internaldb._002\nINFO: - internaldb.basedn\nINFO: - internaldb.database\nINFO: - internaldb.maxConns\nINFO: - internaldb.minConns\nINFO: - internaldb.ldapauth.authtype\nINFO: - internaldb.ldapauth.bindDN\nINFO: - internaldb.ldapauth.bindPWPrompt\nINFO: - internaldb.ldapauth.clientCertNickname\nINFO: - internaldb.ldapconn.host\nINFO: - internaldb.ldapconn.port\nINFO: - internaldb.ldapconn.secureConn\nINFO: - kra.transport.cert\nINFO: - kra.transport.certreq\nINFO: - kra.transport.nickname\nINFO: - kra.transport.tokenname\nINFO: - kra.storage.cert\nINFO: - kra.storage.certreq\nINFO: - kra.storage.nickname\nINFO: - kra.storage.tokenname\nINFO: - kra.subsystem.cert\nINFO: - kra.subsystem.certreq\nINFO: - kra.subsystem.dn\nINFO: - kra.subsystem.nickname\nINFO: - kra.subsystem.tokenname\nINFO: - kra.audit_signing.cert\nINFO: - kra.audit_signing.certreq\nINFO: - kra.audit_signing.nickname\nINFO: - kra.audit_signing.tokenname\nINFO: - internaldb.replication.password\nINFO: - cloning.ca.type\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO: Restarting server\nDEBUG: Command: systemctl restart pki-tomcatd(a)pki-tomcat.service\nINFO: FIPS mode is not enabled\nINFO: Subsystem status: running\nINFO: Configuring KRA subsystem\nINFO: Setting up clone\nINFO: Creating clone setup request\n/usr/lib/python3.6/site-packages/urllib3/connection.py:362: SubjectAltNameWarning: Certificate for ipa.example.com has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)\n  SubjectAltNameWarning\nINFO: Setting up database\nINFO: Creating database setup request\nINFO: Getting sslserver cert info from CS.cfg\nINFO: Getting sslserver cert info from NSS database\nDEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpl_0lpu4u/password.txt -n Server-Cert cert-pki-ca -a\nDEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpef27un35/password.txt\nINFO: Setting up transport certificate\nINFO: transport certificate is already set up\nINFO: Setting up storage certificate\nINFO: storage certificate is already set up\nINFO: Setting up sslserver certificate\nINFO: sslserver certificate is already set up\nINFO: Setting up subsystem certificate\nINFO: subsystem certificate is already set up\nINFO: Setting up audit_signing certificate\nINFO: audit_signing certificate is already set up\nINFO: Backing up keys into /etc/pki/pki-tomcat/alias/kra_backup_keys.p12\nDEBUG: Command: pki-server subsystem-cert-export kra -i pki-tomcat --pkcs12-file /etc/pki/pki-tomcat/alias/kra_backup_keys.p12 --pkcs12-password-file /tmp/tmpdeq3qnpk/password.txt\nINFO: Setting up security domain\nINFO: Creating security domain setup request\nINFO: Finalizing KRA configuration\nINFO: Creating finalize config request\n') See the installation logs and the following files/directories for more information:   /var/log/pki/pki-tomcat   [error] RuntimeError: KRA configuration failed. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. KRA configuration failed. The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information [root@ipa]~#