6:59 a.m.
Hi
While running the command: echo password123 | ipa migrate-ds --with-compat
ldap://ipofldap:389 --bind-dn="cn=admin,dc=company,dc=com"
--base-dn=dc=company,dc=com --user-container=ou=people --group-container=ou=groups
--scope=subtree then it's failing with ipa:
ERROR: group LDAP search did not return any result (search base:
ou=groups,dc=company,dc=com, objectclass: groupofuniquenames, groupofnames)
No matter how i change the command to ipa migrate-ds ldap://ldapserver:389
--bind-dn="cn=admin,dc=example,dc=com" then it still fails with the same error
Does anyone know how I can resolve this? in the sladp errors logs I see this:
[26/Oct/2020:11:18:18.622956777 +0100] - ERR - attrcrypt_init - All prepared ciphers are
not available. Please disable attribute encryption.
[26/Oct/2020:11:18:19.228133838 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=groups,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.229323016 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=computers,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.229952707 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=ng,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.230652382 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
ou=sudoers,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.231285195 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=users,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.231934733 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.232593780 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.233232479 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.233866104 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.234486443 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.235118913 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.235747974 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.236394872 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.237060940 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.237715214 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.238356425 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.244588134 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=ad,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.246571311 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.247223136 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.343344230 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=automember rebuild membership,cn=tasks,cn=config does not exist
[26/Oct/2020:11:18:19.348552041 +0100] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS
Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which
should be added before the CoS Definition.
[26/Oct/2020:11:18:19.378667333 +0100] - INFO - slapd_daemon - slapd started. Listening
on All Interfaces port 389 for LDAP requests
[26/Oct/2020:11:18:19.381366608 +0100] - INFO - slapd_daemon - Listening on All Interfaces
port 636 for LDAPS requests
[26/Oct/2020:11:18:19.383976582 +0100] - INFO - slapd_daemon - Listening on
/var/run/slapd-PROXDYNAMICS-COM.socket for LDAPI requests
[26/Oct/2020:11:24:47.858883691 +0100] - INFO - op_thread_cleanup - slapd shutting down -
signaling operation threads - op stack size 1 max work q size 2 max work q stack size 2
[26/Oct/2020:11:24:47.958419078 +0100] - INFO - slapd_daemon - slapd shutting down -
closing down internal subsystems and plugins
[26/Oct/2020:11:24:49.018815611 +0100] - INFO - bdb_pre_close - Waiting for 4 database
threads to stop
[26/Oct/2020:11:24:50.544575094 +0100] - INFO - bdb_pre_close - All database threads now
stopped
[26/Oct/2020:11:24:50.557264313 +0100] - INFO - ldbm_back_instance_set_destructor - Set of
instances destroyed
[26/Oct/2020:11:24:50.558354653 +0100] - INFO - connection_post_shutdown_cleanup - slapd
shutting down - freed 2 work q stack objects - freed 5 op stack objects
[26/Oct/2020:11:24:50.558915217 +0100] - INFO - main - slapd stopped.
[26/Oct/2020:11:25:31.985322130 +0100] - INFO - slapd_extract_cert - CA CERT NAME:
PROXDYNAMICS.COM IPA CA
[26/Oct/2020:11:25:32.004250734 +0100] - WARN - Security Initialization - SSL alert:
Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to
provide the password.
[26/Oct/2020:11:25:32.204204240 +0100] - INFO - slapd_extract_cert - SERVER CERT NAME:
Server-Cert
[26/Oct/2020:11:25:32.784801369 +0100] - INFO - Security Initialization - SSL info:
Enabling default cipher set.
[26/Oct/2020:11:25:32.785394876 +0100] - INFO - Security Initialization - SSL info:
Configured NSS Ciphers
[26/Oct/2020:11:25:32.785945734 +0100] - INFO - Security Initialization - SSL info:
TLS_AES_128_GCM_SHA256: enabled
[26/Oct/2020:11:25:32.786493194 +0100] - INFO - Security Initialization - SSL info:
TLS_CHACHA20_POLY1305_SHA256: enabled
[26/Oct/2020:11:25:32.787079571 +0100] - INFO - Security Initialization - SSL info:
TLS_AES_256_GCM_SHA384: enabled
[26/Oct/2020:11:25:32.787564682 +0100] - INFO - Security Initialization - SSL info:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[26/Oct/2020:11:25:32.788075487 +0100] - INFO - Security Initialization - SSL info:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/Oct/2020:11:25:32.788559673 +0100] - INFO - Security Initialization - SSL info:
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[26/Oct/2020:11:25:32.789102837 +0100] - INFO - Security Initialization - SSL info:
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[26/Oct/2020:11:25:32.789589594 +0100] - INFO - Security Initialization - SSL info:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
[26/Oct/2020:11:25:32.790077677 +0100] - INFO - Security Initialization - SSL info:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[26/Oct/2020:11:25:32.790578956 +0100] - INFO - Security Initialization - SSL info:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[26/Oct/2020:11:25:32.791113852 +0100] - INFO - Security Initialization - SSL info:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[26/Oct/2020:11:25:32.791943466 +0100] - INFO - Security Initialization - SSL info:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[26/Oct/2020:11:25:32.792531988 +0100] - INFO - Security Initialization - SSL info:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[26/Oct/2020:11:25:32.793207244 +0100] - INFO - Security Initialization - SSL info:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/Oct/2020:11:25:32.793713859 +0100] - INFO - Security Initialization - SSL info:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[26/Oct/2020:11:25:32.794224928 +0100] - INFO - Security Initialization - SSL info:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/Oct/2020:11:25:32.794737674 +0100] - INFO - Security Initialization - SSL info:
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[26/Oct/2020:11:25:32.795251667 +0100] - INFO - Security Initialization - SSL info:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[26/Oct/2020:11:25:32.795769593 +0100] - INFO - Security Initialization - SSL info:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[26/Oct/2020:11:25:32.796287159 +0100] - INFO - Security Initialization - SSL info:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/Oct/2020:11:25:32.796807154 +0100] - INFO - Security Initialization - SSL info:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[26/Oct/2020:11:25:32.797403513 +0100] - INFO - Security Initialization - SSL info:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[26/Oct/2020:11:25:32.797932212 +0100] - INFO - Security Initialization - SSL info:
TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/Oct/2020:11:25:32.798459755 +0100] - INFO - Security Initialization - SSL info:
TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
[26/Oct/2020:11:25:32.799030910 +0100] - INFO - Security Initialization - SSL info:
TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[26/Oct/2020:11:25:32.799573067 +0100] - INFO - Security Initialization - SSL info:
TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/Oct/2020:11:25:32.800109380 +0100] - INFO - Security Initialization - SSL info:
TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[26/Oct/2020:11:25:32.800638525 +0100] - INFO - Security Initialization - SSL info:
TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[26/Oct/2020:11:25:33.345680476 +0100] - INFO - Security Initialization - slapd_ssl_init2
- Configured SSL version range: min: TLS1.2, max: TLS1.3
[26/Oct/2020:11:25:33.346491118 +0100] - INFO - Security Initialization - slapd_ssl_init2
- NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3
[26/Oct/2020:11:25:33.347161756 +0100] - INFO - main - 389-Directory/1.4.2.4
B2020.255.2048 starting up
[26/Oct/2020:11:25:33.347693917 +0100] - INFO - main - Setting the maximum file descriptor
limit to: 262144
[26/Oct/2020:11:25:34.438699059 +0100] - INFO - PBKDF2_SHA256 - Based on CPU performance,
chose 2048 rounds
[26/Oct/2020:11:25:34.442181997 +0100] - INFO - ldbm_instance_config_cachememsize_set -
force a minimal value 512000
[26/Oct/2020:11:25:34.448132662 +0100] - INFO - ldbm_instance_config_cachememsize_set -
force a minimal value 512000
[26/Oct/2020:11:25:34.453494825 +0100] - INFO - ldbm_instance_config_cachememsize_set -
force a minimal value 512000
[26/Oct/2020:11:25:34.458647975 +0100] - NOTICE - ldbm_back_start - found 3868940k
physical memory
[26/Oct/2020:11:25:34.459245844 +0100] - NOTICE - ldbm_back_start - found 3334504k
available
[26/Oct/2020:11:25:34.459802577 +0100] - NOTICE - ldbm_back_start - cache autosizing: db
cache: 96723k
[26/Oct/2020:11:25:34.460371153 +0100] - NOTICE - ldbm_back_start - cache autosizing:
userRoot entry cache (3 total): 131072k
[26/Oct/2020:11:25:34.461129521 +0100] - NOTICE - ldbm_back_start - cache autosizing:
userRoot dn cache (3 total): 65536k
[26/Oct/2020:11:25:34.462282548 +0100] - NOTICE - ldbm_back_start - cache autosizing:
ipaca entry cache (3 total): 131072k
[26/Oct/2020:11:25:34.463016641 +0100] - NOTICE - ldbm_back_start - cache autosizing:
ipaca dn cache (3 total): 65536k
[26/Oct/2020:11:25:34.464194998 +0100] - NOTICE - ldbm_back_start - cache autosizing:
changelog entry cache (3 total): 131072k
[26/Oct/2020:11:25:34.464956271 +0100] - NOTICE - ldbm_back_start - cache autosizing:
changelog dn cache (3 total): 65536k
[26/Oct/2020:11:25:34.465703802 +0100] - NOTICE - ldbm_back_start - total cache size:
683215667 B;
[26/Oct/2020:11:25:35.118987768 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key
for cipher AES
[26/Oct/2020:11:25:35.119820971 +0100] - ERR - attrcrypt_cipher_init - Symmetric key
failed to unwrap with the private key; Cert might have been renewed since the key is
wrapped. To recover the encrypted contents, keep the wrapped symmetric key value.
[26/Oct/2020:11:25:35.408089893 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key
for cipher 3DES
[26/Oct/2020:11:25:35.408739079 +0100] - ERR - attrcrypt_cipher_init - Symmetric key
failed to unwrap with the private key; Cert might have been renewed since the key is
wrapped. To recover the encrypted contents, keep the wrapped symmetric key value.
[26/Oct/2020:11:25:35.409291926 +0100] - ERR - attrcrypt_init - All prepared ciphers are
not available. Please disable attribute encryption.
[26/Oct/2020:11:25:35.699507155 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key
for cipher AES
[26/Oct/2020:11:25:35.700197858 +0100] - ERR - attrcrypt_cipher_init - Symmetric key
failed to unwrap with the private key; Cert might have been renewed since the key is
wrapped. To recover the encrypted contents, keep the wrapped symmetric key value.
[26/Oct/2020:11:25:35.993821262 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key
for cipher 3DES
[26/Oct/2020:11:25:35.995400166 +0100] - ERR - attrcrypt_cipher_init - Symmetric key
failed to unwrap with the private key; Cert might have been renewed since the key is
wrapped. To recover the encrypted contents, keep the wrapped symmetric key value.
[26/Oct/2020:11:25:35.996128828 +0100] - ERR - attrcrypt_init - All prepared ciphers are
not available. Please disable attribute encryption.
[26/Oct/2020:11:25:36.676724884 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=groups,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.677458024 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=computers,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.678097744 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=ng,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.678801681 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
ou=sudoers,dc=example,dc=com does not exist
[26/Oct/2020:1 1:25:36.679445978 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=users,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.680107840 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.680752352 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.681421435 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.682075173 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.682731538 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.683392435 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.683961442 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.684550864 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.685159287 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.685757939 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.686370905 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.692387853 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=ad,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.694119273 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.694778890 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.790882675 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target
cn=automember rebuild membership,cn=tasks,cn=config does not exist
[26/Oct/2020:11:25:36.796103722 +0100] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS
Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which
should be added before the CoS Definition.
[26/Oct/2020:11:25:36.826914731 +0100] - INFO - slapd_daemon - slapd started. Listening
on All Interfaces port 389 for LDAP requests
[26/Oct/2020:11:25:36.828243699 +0100] - INFO - slapd_daemon - Listening on All Interfaces
port 636 for LDAPS requests
[26/Oct/2020:11:25:36.829512166 +0100] - INFO - slapd_daemon - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
Regards
Per
10:21 a.m.
Please provide the Directory Server access log snippet from this failure
as well.
Thanks,
Mark
On 10/26/20 7:59 AM, Per Qvindesland via FreeIPA-users wrote:
Hi
While running the command: echo password123 | ipa migrate-ds
--with-compat ldap://ipofldap:389
--bind-dn="cn=admin,dc=company,dc=com" --base-dn=dc=company,dc=com
--user-container=ou=people --group-container=ou=groups --scope=subtree
then it's failing with ipa:
ERROR: group LDAP search did not return any result (search base:
ou=groups,dc=company,dc=com, objectclass: groupofuniquenames,
groupofnames)
No matter how i change the command to ipa migrate-ds
ldap://ldapserver:389 --bind-dn="cn=admin,dc=example,dc=com" then it
still fails with the same error
Does anyone know how I can resolve this? in the sladp errors logs I
see this:
[26/Oct/2020:11:18:18.622956777 +0100] - ERR - attrcrypt_init - All
prepared ciphers are not available. Please disable attribute encryption.
[26/Oct/2020:11:18:19.228133838 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=groups,cn=compat,dc=example,dc=com does
not exist
[26/Oct/2020:11:18:19.229323016 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=computers,cn=compat,dc=example,dc=com
does not exist
[26/Oct/2020:11:18:19.229952707 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=ng,cn=compat,dc=example,dc=com does not
exist
[26/Oct/2020:11:18:19.230652382 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target ou=sudoers,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.231285195 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=users,cn=compat,dc=example,dc=com does
not exist
[26/Oct/2020:11:18:19.231934733 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:18:19.232593780 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:18:19.233232479 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:18:19.233866104 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:18:19.234486443 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:18:19.235118913 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:18:19.235747974 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:18:19.236394872 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:18:19.237060940 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:18:19.237715214 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:18:19.238356425 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:18:19.244588134 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=ad,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.246571311 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.247223136 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.343344230 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=automember rebuild
membership,cn=tasks,cn=config does not exist
[26/Oct/2020:11:18:19.348552041 +0100] - ERR - cos-plugin -
cos_dn_defs_cb - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which
should be added before the CoS Definition.
[26/Oct/2020:11:18:19.378667333 +0100] - INFO - slapd_daemon - slapd
started. Listening on All Interfaces port 389 for LDAP requests
[26/Oct/2020:11:18:19.381366608 +0100] - INFO - slapd_daemon -
Listening on All Interfaces port 636 for LDAPS requests
[26/Oct/2020:11:18:19.383976582 +0100] - INFO - slapd_daemon -
Listening on /var/run/slapd-PROXDYNAMICS-COM.socket for LDAPI requests
[26/Oct/2020:11:24:47.858883691 +0100] - INFO - op_thread_cleanup -
slapd shutting down - signaling operation threads - op stack size 1
max work q size 2 max work q stack size 2
[26/Oct/2020:11:24:47.958419078 +0100] - INFO - slapd_daemon - slapd
shutting down - closing down internal subsystems and plugins
[26/Oct/2020:11:24:49.018815611 +0100] - INFO - bdb_pre_close -
Waiting for 4 database threads to stop
[26/Oct/2020:11:24:50.544575094 +0100] - INFO - bdb_pre_close - All
database threads now stopped
[26/Oct/2020:11:24:50.557264313 +0100] - INFO -
ldbm_back_instance_set_destructor - Set of instances destroyed
[26/Oct/2020:11:24:50.558354653 +0100] - INFO -
connection_post_shutdown_cleanup - slapd shutting down - freed 2 work
q stack objects - freed 5 op stack objects
[26/Oct/2020:11:24:50.558915217 +0100] - INFO - main - slapd stopped.
[26/Oct/2020:11:25:31.985322130 +0100] - INFO - slapd_extract_cert -
CA CERT NAME: PROXDYNAMICS.COM IPA CA
[26/Oct/2020:11:25:32.004250734 +0100] - WARN - Security
Initialization - SSL alert: Sending pin request to SVRCore. You may
need to run systemd-tty-ask-password-agent to provide the password.
[26/Oct/2020:11:25:32.204204240 +0100] - INFO - slapd_extract_cert -
SERVER CERT NAME: Server-Cert
[26/Oct/2020:11:25:32.784801369 +0100] - INFO - Security
Initialization - SSL info: Enabling default cipher set.
[26/Oct/2020:11:25:32.785394876 +0100] - INFO - Security
Initialization - SSL info: Configured NSS Ciphers
[26/Oct/2020:11:25:32.785945734 +0100] - INFO - Security
Initialization - SSL info: TLS_AES_128_GCM_SHA256: enabled
[26/Oct/2020:11:25:32.786493194 +0100] - INFO - Security
Initialization - SSL info: TLS_CHACHA20_POLY1305_SHA256: enabled
[26/Oct/2020:11:25:32.787079571 +0100] - INFO - Security
Initialization - SSL info: TLS_AES_256_GCM_SHA384: enabled
[26/Oct/2020:11:25:32.787564682 +0100] - INFO - Security
Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
enabled
[26/Oct/2020:11:25:32.788075487 +0100] - INFO - Security
Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/Oct/2020:11:25:32.788559673 +0100] - INFO - Security
Initialization - SSL info:
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[26/Oct/2020:11:25:32.789102837 +0100] - INFO - Security
Initialization - SSL info:
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[26/Oct/2020:11:25:32.789589594 +0100] - INFO - Security
Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
enabled
[26/Oct/2020:11:25:32.790077677 +0100] - INFO - Security
Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[26/Oct/2020:11:25:32.790578956 +0100] - INFO - Security
Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[26/Oct/2020:11:25:32.791113852 +0100] - INFO - Security
Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[26/Oct/2020:11:25:32.791943466 +0100] - INFO - Security
Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[26/Oct/2020:11:25:32.792531988 +0100] - INFO - Security
Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
enabled
[26/Oct/2020:11:25:32.793207244 +0100] - INFO - Security
Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/Oct/2020:11:25:32.793713859 +0100] - INFO - Security
Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[26/Oct/2020:11:25:32.794224928 +0100] - INFO - Security
Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/Oct/2020:11:25:32.794737674 +0100] - INFO - Security
Initialization - SSL info: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
[26/Oct/2020:11:25:32.795251667 +0100] - INFO - Security
Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[26/Oct/2020:11:25:32.795769593 +0100] - INFO - Security
Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[26/Oct/2020:11:25:32.796287159 +0100] - INFO - Security
Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/Oct/2020:11:25:32.796807154 +0100] - INFO - Security
Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[26/Oct/2020:11:25:32.797403513 +0100] - INFO - Security
Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[26/Oct/2020:11:25:32.797932212 +0100] - INFO - Security
Initialization - SSL info: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/Oct/2020:11:25:32.798459755 +0100] - INFO - Security
Initialization - SSL info: TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
[26/Oct/2020:11:25:32.799030910 +0100] - INFO - Security
Initialization - SSL info: TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[26/Oct/2020:11:25:32.799573067 +0100] - INFO - Security
Initialization - SSL info: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/Oct/2020:11:25:32.800109380 +0100] - INFO - Security
Initialization - SSL info: TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[26/Oct/2020:11:25:32.800638525 +0100] - INFO - Security
Initialization - SSL info: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[26/Oct/2020:11:25:33.345680476 +0100] - INFO - Security
Initialization - slapd_ssl_init2 - Configured SSL version range: min:
TLS1.2, max: TLS1.3
[26/Oct/2020:11:25:33.346491118 +0100] - INFO - Security
Initialization - slapd_ssl_init2 - NSS adjusted SSL version range:
min: TLS1.2, max: TLS1.3
[26/Oct/2020:11:25:33.347161756 +0100] - INFO - main -
389-Directory/1.4.2.4 B2020.255.2048 starting up
[26/Oct/2020:11:25:33.347693917 +0100] - INFO - main - Setting the
maximum file descriptor limit to: 262144
[26/Oct/2020:11:25:34.438699059 +0100] - INFO - PBKDF2_SHA256 - Based
on CPU performance, chose 2048 rounds
[26/Oct/2020:11:25:34.442181997 +0100] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
[26/Oct/2020:11:25:34.448132662 +0100] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
[26/Oct/2020:11:25:34.453494825 +0100] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
[26/Oct/2020:11:25:34.458647975 +0100] - NOTICE - ldbm_back_start -
found 3868940k physical memory
[26/Oct/2020:11:25:34.459245844 +0100] - NOTICE - ldbm_back_start -
found 3334504k available
[26/Oct/2020:11:25:34.459802577 +0100] - NOTICE - ldbm_back_start -
cache autosizing: db cache: 96723k
[26/Oct/2020:11:25:34.460371153 +0100] - NOTICE - ldbm_back_start -
cache autosizing: userRoot entry cache (3 total): 131072k
[26/Oct/2020:11:25:34.461129521 +0100] - NOTICE - ldbm_back_start -
cache autosizing: userRoot dn cache (3 total): 65536k
[26/Oct/2020:11:25:34.462282548 +0100] - NOTICE - ldbm_back_start -
cache autosizing: ipaca entry cache (3 total): 131072k
[26/Oct/2020:11:25:34.463016641 +0100] - NOTICE - ldbm_back_start -
cache autosizing: ipaca dn cache (3 total): 65536k
[26/Oct/2020:11:25:34.464194998 +0100] - NOTICE - ldbm_back_start -
cache autosizing: changelog entry cache (3 total): 131072k
[26/Oct/2020:11:25:34.464956271 +0100] - NOTICE - ldbm_back_start -
cache autosizing: changelog dn cache (3 total): 65536k
[26/Oct/2020:11:25:34.465703802 +0100] - NOTICE - ldbm_back_start -
total cache size: 683215667 B;
[26/Oct/2020:11:25:35.118987768 +0100] - ERR - attrcrypt_unwrap_key -
Failed to unwrap key for cipher AES
[26/Oct/2020:11:25:35.119820971 +0100] - ERR - attrcrypt_cipher_init -
Symmetric key failed to unwrap with the private key; Cert might have
been renewed since the key is wrapped. To recover the encrypted
contents, keep the wrapped symmetric key value.
[26/Oct/2020:11:25:35.408089893 +0100] - ERR - attrcrypt_unwrap_key -
Failed to unwrap key for cipher 3DES
[26/Oct/2020:11:25:35.408739079 +0100] - ERR - attrcrypt_cipher_init -
Symmetric key failed to unwrap with the private key; Cert might have
been renewed since the key is wrapped. To recover the encrypted
contents, keep the wrapped symmetric key value.
[26/Oct/2020:11:25:35.409291926 +0100] - ERR - attrcrypt_init - All
prepared ciphers are not available. Please disable attribute encryption.
[26/Oct/2020:11:25:35.699507155 +0100] - ERR - attrcrypt_unwrap_key -
Failed to unwrap key for cipher AES
[26/Oct/2020:11:25:35.700197858 +0100] - ERR - attrcrypt_cipher_init -
Symmetric key failed to unwrap with the private key; Cert might have
been renewed since the key is wrapped. To recover the encrypted
contents, keep the wrapped symmetric key value.
[26/Oct/2020:11:25:35.993821262 +0100] - ERR - attrcrypt_unwrap_key -
Failed to unwrap key for cipher 3DES
[26/Oct/2020:11:25:35.995400166 +0100] - ERR - attrcrypt_cipher_init -
Symmetric key failed to unwrap with the private key; Cert might have
been renewed since the key is wrapped. To recover the encrypted
contents, keep the wrapped symmetric key value.
[26/Oct/2020:11:25:35.996128828 +0100] - ERR - attrcrypt_init - All
prepared ciphers are not available. Please disable attribute encryption.
[26/Oct/2020:11:25:36.676724884 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=groups,cn=compat,dc=example,dc=com does
not exist
[26/Oct/2020:11:25:36.677458024 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=computers,cn=compat,dc=example,dc=com
does not exist
[26/Oct/2020:11:25:36.678097744 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=ng,cn=compat,dc=example,dc=com does not
exist
[26/Oct/2020:11:25:36.678801681 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target ou=sudoers,dc=example,dc=com does not exist
[26/Oct/2020:1 1:25:36.679445978 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=users,cn=compat,dc=example,dc=com does
not exist
[26/Oct/2020:11:25:36.680107840 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:25:36.680752352 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:25:36.681421435 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:25:36.682075173 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:25:36.682731538 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:25:36.683392435 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:25:36.683961442 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:25:36.684550864 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:25:36.685159287 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:25:36.685757939 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:25:36.686370905 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
exist
[26/Oct/2020:11:25:36.692387853 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=ad,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.694119273 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.694778890 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.790882675 +0100] - WARN - NSACLPlugin -
acl_parse - The ACL target cn=automember rebuild
membership,cn=tasks,cn=config does not exist
[26/Oct/2020:11:25:36.796103722 +0100] - ERR - cos-plugin -
cos_dn_defs_cb - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which
should be added before the CoS Definition.
[26/Oct/2020:11:25:36.826914731 +0100] - INFO - slapd_daemon - slapd
started. Listening on All Interfaces port 389 for LDAP requests
[26/Oct/2020:11:25:36.828243699 +0100] - INFO - slapd_daemon -
Listening on All Interfaces port 636 for LDAPS requests
[26/Oct/2020:11:25:36.829512166 +0100] - INFO - slapd_daemon -
Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
Regards
Per
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
--
389 Directory Server Development Team
10:32 a.m.
Mark Reynolds via FreeIPA-users wrote:
Please provide the Directory Server access log snippet from this
failure
as well.
The issue is it can't find the groups on the REMOTE ldap server, not the
IPA server. If you could provide a sample entry for one of the remote
groups that would be helpful.
rob
Thanks,
Mark
On 10/26/20 7:59 AM, Per Qvindesland via FreeIPA-users wrote:
> Hi
>
> While running the command: echo password123 | ipa migrate-ds
> --with-compat ldap://ipofldap:389
> --bind-dn="cn=admin,dc=company,dc=com" --base-dn=dc=company,dc=com
> --user-container=ou=people --group-container=ou=groups --scope=subtree
> then it's failing with ipa:
> ERROR: group LDAP search did not return any result (search base:
> ou=groups,dc=company,dc=com, objectclass: groupofuniquenames,
> groupofnames)
>
> No matter how i change the command to ipa migrate-ds
> ldap://ldapserver:389 --bind-dn="cn=admin,dc=example,dc=com" then it
> still fails with the same error
>
> Does anyone know how I can resolve this? in the sladp errors logs I
> see this:
>
> [26/Oct/2020:11:18:18.622956777 +0100] - ERR - attrcrypt_init - All
> prepared ciphers are not available. Please disable attribute encryption.
> [26/Oct/2020:11:18:19.228133838 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=groups,cn=compat,dc=example,dc=com does
> not exist
> [26/Oct/2020:11:18:19.229323016 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=computers,cn=compat,dc=example,dc=com
> does not exist
> [26/Oct/2020:11:18:19.229952707 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=ng,cn=compat,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:18:19.230652382 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target ou=sudoers,dc=example,dc=com does not exist
> [26/Oct/2020:11:18:19.231285195 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=users,cn=compat,dc=example,dc=com does
> not exist
> [26/Oct/2020:11:18:19.231934733 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:18:19.232593780 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:18:19.233232479 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:18:19.233866104 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:18:19.234486443 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:18:19.235118913 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:18:19.235747974 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:18:19.236394872 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:18:19.237060940 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:18:19.237715214 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:18:19.238356425 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:18:19.244588134 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=ad,cn=etc,dc=example,dc=com does not exist
> [26/Oct/2020:11:18:19.246571311 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
> [26/Oct/2020:11:18:19.247223136 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
> [26/Oct/2020:11:18:19.343344230 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=automember rebuild
> membership,cn=tasks,cn=config does not exist
> [26/Oct/2020:11:18:19.348552041 +0100] - ERR - cos-plugin -
> cos_dn_defs_cb - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which
> should be added before the CoS Definition.
> [26/Oct/2020:11:18:19.378667333 +0100] - INFO - slapd_daemon - slapd
> started. Listening on All Interfaces port 389 for LDAP requests
> [26/Oct/2020:11:18:19.381366608 +0100] - INFO - slapd_daemon -
> Listening on All Interfaces port 636 for LDAPS requests
> [26/Oct/2020:11:18:19.383976582 +0100] - INFO - slapd_daemon -
> Listening on /var/run/slapd-PROXDYNAMICS-COM.socket for LDAPI requests
> [26/Oct/2020:11:24:47.858883691 +0100] - INFO - op_thread_cleanup -
> slapd shutting down - signaling operation threads - op stack size 1
> max work q size 2 max work q stack size 2
> [26/Oct/2020:11:24:47.958419078 +0100] - INFO - slapd_daemon - slapd
> shutting down - closing down internal subsystems and plugins
> [26/Oct/2020:11:24:49.018815611 +0100] - INFO - bdb_pre_close -
> Waiting for 4 database threads to stop
> [26/Oct/2020:11:24:50.544575094 +0100] - INFO - bdb_pre_close - All
> database threads now stopped
> [26/Oct/2020:11:24:50.557264313 +0100] - INFO -
> ldbm_back_instance_set_destructor - Set of instances destroyed
> [26/Oct/2020:11:24:50.558354653 +0100] - INFO -
> connection_post_shutdown_cleanup - slapd shutting down - freed 2 work
> q stack objects - freed 5 op stack objects
> [26/Oct/2020:11:24:50.558915217 +0100] - INFO - main - slapd stopped.
> [26/Oct/2020:11:25:31.985322130 +0100] - INFO - slapd_extract_cert -
> CA CERT NAME: PROXDYNAMICS.COM IPA CA
> [26/Oct/2020:11:25:32.004250734 +0100] - WARN - Security
> Initialization - SSL alert: Sending pin request to SVRCore. You may
> need to run systemd-tty-ask-password-agent to provide the password.
> [26/Oct/2020:11:25:32.204204240 +0100] - INFO - slapd_extract_cert -
> SERVER CERT NAME: Server-Cert
> [26/Oct/2020:11:25:32.784801369 +0100] - INFO - Security
> Initialization - SSL info: Enabling default cipher set.
> [26/Oct/2020:11:25:32.785394876 +0100] - INFO - Security
> Initialization - SSL info: Configured NSS Ciphers
> [26/Oct/2020:11:25:32.785945734 +0100] - INFO - Security
> Initialization - SSL info: TLS_AES_128_GCM_SHA256: enabled
> [26/Oct/2020:11:25:32.786493194 +0100] - INFO - Security
> Initialization - SSL info: TLS_CHACHA20_POLY1305_SHA256: enabled
> [26/Oct/2020:11:25:32.787079571 +0100] - INFO - Security
> Initialization - SSL info: TLS_AES_256_GCM_SHA384: enabled
> [26/Oct/2020:11:25:32.787564682 +0100] - INFO - Security
> Initialization - SSL info:
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
> [26/Oct/2020:11:25:32.788075487 +0100] - INFO - Security
> Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
> enabled
> [26/Oct/2020:11:25:32.788559673 +0100] - INFO - Security
> Initialization - SSL info:
> TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
> [26/Oct/2020:11:25:32.789102837 +0100] - INFO - Security
> Initialization - SSL info:
> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
> [26/Oct/2020:11:25:32.789589594 +0100] - INFO - Security
> Initialization - SSL info:
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
> [26/Oct/2020:11:25:32.790077677 +0100] - INFO - Security
> Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
> enabled
> [26/Oct/2020:11:25:32.790578956 +0100] - INFO - Security
> Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
> enabled
> [26/Oct/2020:11:25:32.791113852 +0100] - INFO - Security
> Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
> enabled
> [26/Oct/2020:11:25:32.791943466 +0100] - INFO - Security
> Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
> [26/Oct/2020:11:25:32.792531988 +0100] - INFO - Security
> Initialization - SSL info:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
> [26/Oct/2020:11:25:32.793207244 +0100] - INFO - Security
> Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
> enabled
> [26/Oct/2020:11:25:32.793713859 +0100] - INFO - Security
> Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
> [26/Oct/2020:11:25:32.794224928 +0100] - INFO - Security
> Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
> enabled
> [26/Oct/2020:11:25:32.794737674 +0100] - INFO - Security
> Initialization - SSL info:
> TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
> [26/Oct/2020:11:25:32.795251667 +0100] - INFO - Security
> Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
> enabled
> [26/Oct/2020:11:25:32.795769593 +0100] - INFO - Security
> Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
> [26/Oct/2020:11:25:32.796287159 +0100] - INFO - Security
> Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
> enabled
> [26/Oct/2020:11:25:32.796807154 +0100] - INFO - Security
> Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
> [26/Oct/2020:11:25:32.797403513 +0100] - INFO - Security
> Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
> enabled
> [26/Oct/2020:11:25:32.797932212 +0100] - INFO - Security
> Initialization - SSL info: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
> [26/Oct/2020:11:25:32.798459755 +0100] - INFO - Security
> Initialization - SSL info: TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
> [26/Oct/2020:11:25:32.799030910 +0100] - INFO - Security
> Initialization - SSL info: TLS_RSA_WITH_AES_128_CBC_SHA: enabled
> [26/Oct/2020:11:25:32.799573067 +0100] - INFO - Security
> Initialization - SSL info: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
> [26/Oct/2020:11:25:32.800109380 +0100] - INFO - Security
> Initialization - SSL info: TLS_RSA_WITH_AES_256_CBC_SHA: enabled
> [26/Oct/2020:11:25:32.800638525 +0100] - INFO - Security
> Initialization - SSL info: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
> [26/Oct/2020:11:25:33.345680476 +0100] - INFO - Security
> Initialization - slapd_ssl_init2 - Configured SSL version range: min:
> TLS1.2, max: TLS1.3
> [26/Oct/2020:11:25:33.346491118 +0100] - INFO - Security
> Initialization - slapd_ssl_init2 - NSS adjusted SSL version range:
> min: TLS1.2, max: TLS1.3
> [26/Oct/2020:11:25:33.347161756 +0100] - INFO - main -
> 389-Directory/1.4.2.4 B2020.255.2048 starting up
> [26/Oct/2020:11:25:33.347693917 +0100] - INFO - main - Setting the
> maximum file descriptor limit to: 262144
> [26/Oct/2020:11:25:34.438699059 +0100] - INFO - PBKDF2_SHA256 - Based
> on CPU performance, chose 2048 rounds
> [26/Oct/2020:11:25:34.442181997 +0100] - INFO -
> ldbm_instance_config_cachememsize_set - force a minimal value 512000
> [26/Oct/2020:11:25:34.448132662 +0100] - INFO -
> ldbm_instance_config_cachememsize_set - force a minimal value 512000
> [26/Oct/2020:11:25:34.453494825 +0100] - INFO -
> ldbm_instance_config_cachememsize_set - force a minimal value 512000
> [26/Oct/2020:11:25:34.458647975 +0100] - NOTICE - ldbm_back_start -
> found 3868940k physical memory
> [26/Oct/2020:11:25:34.459245844 +0100] - NOTICE - ldbm_back_start -
> found 3334504k available
> [26/Oct/2020:11:25:34.459802577 +0100] - NOTICE - ldbm_back_start -
> cache autosizing: db cache: 96723k
> [26/Oct/2020:11:25:34.460371153 +0100] - NOTICE - ldbm_back_start -
> cache autosizing: userRoot entry cache (3 total): 131072k
> [26/Oct/2020:11:25:34.461129521 +0100] - NOTICE - ldbm_back_start -
> cache autosizing: userRoot dn cache (3 total): 65536k
> [26/Oct/2020:11:25:34.462282548 +0100] - NOTICE - ldbm_back_start -
> cache autosizing: ipaca entry cache (3 total): 131072k
> [26/Oct/2020:11:25:34.463016641 +0100] - NOTICE - ldbm_back_start -
> cache autosizing: ipaca dn cache (3 total): 65536k
> [26/Oct/2020:11:25:34.464194998 +0100] - NOTICE - ldbm_back_start -
> cache autosizing: changelog entry cache (3 total): 131072k
> [26/Oct/2020:11:25:34.464956271 +0100] - NOTICE - ldbm_back_start -
> cache autosizing: changelog dn cache (3 total): 65536k
> [26/Oct/2020:11:25:34.465703802 +0100] - NOTICE - ldbm_back_start -
> total cache size: 683215667 B;
> [26/Oct/2020:11:25:35.118987768 +0100] - ERR - attrcrypt_unwrap_key -
> Failed to unwrap key for cipher AES
> [26/Oct/2020:11:25:35.119820971 +0100] - ERR - attrcrypt_cipher_init -
> Symmetric key failed to unwrap with the private key; Cert might have
> been renewed since the key is wrapped. To recover the encrypted
> contents, keep the wrapped symmetric key value.
> [26/Oct/2020:11:25:35.408089893 +0100] - ERR - attrcrypt_unwrap_key -
> Failed to unwrap key for cipher 3DES
> [26/Oct/2020:11:25:35.408739079 +0100] - ERR - attrcrypt_cipher_init -
> Symmetric key failed to unwrap with the private key; Cert might have
> been renewed since the key is wrapped. To recover the encrypted
> contents, keep the wrapped symmetric key value.
> [26/Oct/2020:11:25:35.409291926 +0100] - ERR - attrcrypt_init - All
> prepared ciphers are not available. Please disable attribute encryption.
> [26/Oct/2020:11:25:35.699507155 +0100] - ERR - attrcrypt_unwrap_key -
> Failed to unwrap key for cipher AES
> [26/Oct/2020:11:25:35.700197858 +0100] - ERR - attrcrypt_cipher_init -
> Symmetric key failed to unwrap with the private key; Cert might have
> been renewed since the key is wrapped. To recover the encrypted
> contents, keep the wrapped symmetric key value.
> [26/Oct/2020:11:25:35.993821262 +0100] - ERR - attrcrypt_unwrap_key -
> Failed to unwrap key for cipher 3DES
> [26/Oct/2020:11:25:35.995400166 +0100] - ERR - attrcrypt_cipher_init -
> Symmetric key failed to unwrap with the private key; Cert might have
> been renewed since the key is wrapped. To recover the encrypted
> contents, keep the wrapped symmetric key value.
> [26/Oct/2020:11:25:35.996128828 +0100] - ERR - attrcrypt_init - All
> prepared ciphers are not available. Please disable attribute encryption.
> [26/Oct/2020:11:25:36.676724884 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=groups,cn=compat,dc=example,dc=com does
> not exist
> [26/Oct/2020:11:25:36.677458024 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=computers,cn=compat,dc=example,dc=com
> does not exist
> [26/Oct/2020:11:25:36.678097744 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=ng,cn=compat,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:25:36.678801681 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target ou=sudoers,dc=example,dc=com does not exist
> [26/Oct/2020:1 1:25:36.679445978 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=users,cn=compat,dc=example,dc=com does
> not exist
> [26/Oct/2020:11:25:36.680107840 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:25:36.680752352 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:25:36.681421435 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:25:36.682075173 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:25:36.682731538 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:25:36.683392435 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:25:36.683961442 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:25:36.684550864 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:25:36.685159287 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:25:36.685757939 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:25:36.686370905 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not
> exist
> [26/Oct/2020:11:25:36.692387853 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=ad,cn=etc,dc=example,dc=com does not exist
> [26/Oct/2020:11:25:36.694119273 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
> [26/Oct/2020:11:25:36.694778890 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
> [26/Oct/2020:11:25:36.790882675 +0100] - WARN - NSACLPlugin -
> acl_parse - The ACL target cn=automember rebuild
> membership,cn=tasks,cn=config does not exist
> [26/Oct/2020:11:25:36.796103722 +0100] - ERR - cos-plugin -
> cos_dn_defs_cb - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which
> should be added before the CoS Definition.
> [26/Oct/2020:11:25:36.826914731 +0100] - INFO - slapd_daemon - slapd
> started. Listening on All Interfaces port 389 for LDAP requests
> [26/Oct/2020:11:25:36.828243699 +0100] - INFO - slapd_daemon -
> Listening on All Interfaces port 636 for LDAPS requests
> [26/Oct/2020:11:25:36.829512166 +0100] - INFO - slapd_daemon -
> Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
>
> Regards
> Per
>
>
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
--
389 Directory Server Development Team
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
1272
days inactive
1272
days old
freeipa-users@lists.fedorahosted.org
2 comments
3 participants
participants (3)
-
Mark Reynolds -
Per Qvindesland -
Rob Crittenden