On Thu, Feb 01, 2018 at 10:39:00AM +0100, Christof Schulze via FreeIPA-users wrote:
pki-tomcatd does not start because the 'auditSigningCert cert-pki-ca' is
always invalid (expired or not valid now)
Old one
Not Before: Feb 9 12:01:11 2016 GMT
Not After : Jan 29 12:01:11 2018 GMT
New one
Not Before: Jan 29 13:22:53 2018 GMT
Not After : Jan 19 13:22:53 2020 GMT
Can I just restore this certificate from an old backup and try to resubmit
it long before it is expiring?
Or do I have to do an ipa-restore from the old backup.
This certificate is also already replicated to the replicas.
Sure. Backup the certificate and key using `pk12util' first. (Or
just make a copy the whole NSSDB) Then delete the certificate from
the NSSDB using `certutil -D`. (I think this will leave they key in
place). Then add the older certificate that will be valid according
to the system time. Then Dogtag should start, and you should be able
to continue recovering the system.
HTH,
Fraser
>
>
> On 01.02.2018 01:48, Fraser Tweedale via FreeIPA-users wrote:
> > On Wed, Jan 31, 2018 at 04:58:30PM +0100, Christof Schulze via FreeIPA-users
wrote:
> > > Hi,
> > >
> > > did time roll back. Does look like the pki-tomcatd is not running, and can
> > > not be restared.
> > >
> > > Checked the userCertificates, they look identical to me.
> > >
> > > The Certificate requests for the three expiring certificates are now in
> > > SUBMITTING-state. Cant see any other Errors than:
> > >
> > >
> > > Jan 26 20:23:59 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16805]:
> > > dogtag-ipa-renew-agent returned 2
> > > Jan 26 20:30:36 idm1.XXXkd.fau.de systemd[1]: Stopping Certificate
> > > monitoring and PKI enrollment...
> > > Jan 26 20:30:36 idm1.XXXkd.fau.de systemd[1]: Starting Certificate
> > > monitoring and PKI enrollment...
> > >
> > > Is there some way to start certmonger and maybe the pki-tomcatd in
debugging
> > > mode?
> > >
> > What is is /var/log/pki/pki-tomcat/ca/debug? If it is not starting
> > properly, there should be some output in there related to that.
> >
> > Thanks,
> > Fraser
> >
> > >
> > > On 31.01.2018 00:27, Fraser Tweedale via FreeIPA-users wrote:
> > > > On Tue, Jan 30, 2018 at 05:29:46PM +0100, Christof Schulze via
FreeIPA-users wrote:
> > > > > Hi,
> > > > >
> > > > >
> > > > > Checked AVCs first. Selinux is always a burden on our Fedora
Clients.
> > > > >
> > > > > Certmonger is still trying.
> > > > >
> > > > > Does it make sense to make some timetravel for certificate
renewal with the
> > > > > Renewal master, even if the renewal didn't work when the
certificates where
> > > > > still valid?
> > > > >
> > > > Time travel will be necessary.
> > > >
> > > > Wind the clock back on the renewal master to a time when all certs
> > > > are valid, and then investigate why renewal was failing.
> > > >
> > > > Please check that the userCertificate attributes of the following
> > > > entries are in sync with their corresponding certificates:
> > > >
> > > > - uid=ipara,ou=people,o=ipaca
> > > > must match /var/lib/ipa/ra-agent.pem
> > > >
> > > > - uid=pkidbuser,ou=people,o=ipaca
> > > > must match /etc/pki/pki-tomcat/alias : 'subsystemCert
cert-pki-ca'
> > > >
> > > > Cheers,
> > > > Fraser
> > > >
> > > > >
> > > > >
> > > > >
> > > > > On 30.01.2018 16:42, Rob Crittenden via FreeIPA-users wrote:
> > > > > > Christof Schulze via FreeIPA-users wrote:
> > > > > > > Hi,
> > > > > > >
> > > > > > > Here may be the problem, all are masters, the idm1 I am
working on is
> > > > > > > the CA renewal master (checked ldap and config-show).
> > > > > > >
> > > > > > > IPA masters: idm1.ww8kd.fau.de, idm2.ww8kd.fau.de,
idm3.ww8kd.fau.de
> > > > > > > IPA CA servers: idm1.ww8kd.fau.de, idm2.ww8kd.fau.de,
idm3.ww8kd.fau.de
> > > > > > > IPA NTP servers: idm1.ww8kd.fau.de, idm2.ww8kd.fau.de,
idm3.ww8kd.fau.de
> > > > > > > IPA CA renewal master: idm1.ww8kd.fau.de
> > > > > > >
> > > > > > > But when checking the different points on the side
linked by you. I can
> > > > > > > see:
> > > > > > > All off them have
> > > > > > > ca.crl.MasterCRL.enableCRLUpdates=false
> > > > > > > ca.crl.MasterCRL.enableCRLCache=false
> > > > > > >
> > > > > > > And all of them have the RewriteRule in the
> > > > > > > /etc/httpd/conf.d/ipa-pki-proxy.conf.
> > > > > > >
> > > > > > > I remember years ago the original idm1 got roasted by
some electrical
> > > > > > > surge. And I think it got cloned by one of the others
(documentation
> > > > > > > would be king).
> > > > > > >
> > > > > > > So all of them are clones and we don't have a CRL
generation master.
> > > > > > >
> > > > > > > The renewed "auditSigningCert cert-pki-ca" on
the master didn't get
> > > > > > > replicated to the others.
> > > > > > >
> > > > > > > Can I just promote idm1 to become CRL generation master
by setting
> > > > > > > ca.crl.MasterCRL.enableCRLUpdates=true
> > > > > > > ca.crl.MasterCRL.enableCRLCache=true
> > > > > >
> > > > > > Yes but that won't affect renewal.
> > > > > >
> > > > > > > And how to get new certificates?
> > > > > >
> > > > > > As Flo suggested, check syslog for certmonger messages. Look
for AVCs.
> > > > > >
> > > > > > Look at the output of getcert list to see what the status
and errors are.
> > > > > >
> > > > > > rob
> > > > > >
> > > > > > >
> > > > > > >
> > > > > > > And Thanks for your patience.
> > > > > > >
> > > > > > >
> > > > > > > On 30.01.2018 14:26, Florence Blanc-Renaud wrote:
> > > > > > > > On 01/30/2018 02:02 PM, Christof Schulze via
FreeIPA-users wrote:
> > > > > > > > > Hi,
> > > > > > > > >
> > > > > > > > > Now the roof is on fire, all certificates are
synced on all masters
> > > > > > > > > since a long time ago.
> > > > > > > > >
> > > > > > > > > The not renewing certificates in
/etc/pki/pki-tomcat/alias have now
> > > > > > > > > expired
> > > > > > > > > "subsystemCert
cert-pki-ca" , "ocspSigningCert cert-pki-ca" ,
> > > > > > > > >
"/var/lib/ipa/ra-agent.pem"
> > > > > > > > >
> > > > > > > > > The "auditSigningCert cert-pki-ca"
certificate is the only one which
> > > > > > > > > has been renewed. (Old Serial Number: 5
(0x5), New Serial Number:
> > > > > > > > > 536739845 (0x1ffe0005) valid till 2020)
> > > > > > > > >
> > > > > > > > > The userCertificate in
(uid=ipara,ou=people,o=ipaca) and the IPA RA
> > > > > > > > > certificate in /var/lib/ipa/ra-agent.pem are
matching and expired.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > pki-tomcat can no longer access the ldap.
> > > > > > > > >
> > > > > > > > > slapi_ldap_bind - Error: could not
send startTLS request: error
> > > > > > > > > -1 (Can't contact LDAP server) errno 107
(Transport endpoint is not
> > > > > > > > > connected)
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Is there some way this situation can be
solved?
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > you need first to identify who is your renewal
master and start
> > > > > > > > repairing this machine. You can use ipa
config-show or a direct
> > > > > > > > ldapsearch as described here
> > > > > > > >
(
https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#I...)
> > > > > > > > to find the renewal master.
> > > > > > > >
> > > > > > > > On the renewal master, check if the certificates
have been properly
> > > > > > > > renewed. If it is not the case, you will need to
chase the failure by
> > > > > > > > checking SE linux AVCs or errors in the journal
produced by certmonger.
> > > > > > > > The renewal master really needs to be repaired
first, as it is the
> > > > > > > > source containing some certs that will later be
downloaded by the
> > > > > > > > other masters.
> > > > > > > >
> > > > > > > > Flo
> > > > > > > >
> > > > > > > > >
> > > > > > > > > Thanks
> > > > > > > > >
> > > > > > > > > Christof Schulze
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Request ID '20171206120336':
> > > > > > > > > status: MONITORING
> > > > > > > > > stuck: no
> > > > > > > > > key pair storage:
> > > > > > > > >
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
> > > > > > > > > cert-pki-ca',token='NSS Certificate
DB',pin set
> > > > > > > > > certificate:
> > > > > > > > >
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
> > > > > > > > > cert-pki-ca',token='NSS Certificate
DB'
> > > > > > > > > CA: dogtag-ipa-ca-renew-agent
> > > > > > > > > issuer: CN=Certificate
Authority,O=XXXKD.FAU.DE,OU=Some
> > > > > > > > > Institute (XXX) -
FAU,C=DE,E=guy(a)example.com,L=FUERTH
> > > > > > > > > subject: CN=CA
Audit,O=XXXKD.FAU.DE,OU=Some Institute (XXX) -
> > > > > > > > > FAU,C=DE,E=guy(a)example.com,L=FUERTH
> > > > > > > > > expires: 2020-01-19 13:22:53 UTC
> > > > > > > > > key usage:
digitalSignature,nonRepudiation
> > > > > > > > > pre-save command:
/usr/libexec/ipa/certmonger/stop_pkicad
> > > > > > > > > post-save command:
/usr/libexec/ipa/certmonger/renew_ca_cert
> > > > > > > > > "auditSigningCert cert-pki-ca"
> > > > > > > > > track: yes
> > > > > > > > > auto-renew: yes
> > > > > > > > > Request ID '20171206120337':
> > > > > > > > > status: MONITORING
> > > > > > > > > stuck: no
> > > > > > > > > key pair storage:
> > > > > > > > >
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
> > > > > > > > > cert-pki-ca',token='NSS Certificate
DB',pin set
> > > > > > > > > certificate:
> > > > > > > > >
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
> > > > > > > > > cert-pki-ca',token='NSS Certificate
DB'
> > > > > > > > > CA: dogtag-ipa-ca-renew-agent
> > > > > > > > > issuer: CN=Certificate
Authority,O=XXXKD.FAU.DE,OU=Some
> > > > > > > > > Institute (XXX) -
FAU,C=DE,E=guy(a)example.com,L=FUERTH
> > > > > > > > > subject: CN=OCSP
Subsystem,O=XXXKD.FAU.DE,OU=Some Institute
> > > > > > > > > (XXX) - FAU,C=DE,E=guy(a)example.com,L=FUERTH
> > > > > > > > > expires: 2018-01-29 12:00:44 UTC
> > > > > > > > > key usage:
digitalSignature,nonRepudiation,keyCertSign,cRLSign
> > > > > > > > > eku: id-kp-OCSPSigning
> > > > > > > > > pre-save command:
/usr/libexec/ipa/certmonger/stop_pkicad
> > > > > > > > > post-save command:
/usr/libexec/ipa/certmonger/renew_ca_cert
> > > > > > > > > "ocspSigningCert cert-pki-ca"
> > > > > > > > > track: yes
> > > > > > > > > auto-renew: yes
> > > > > > > > > Request ID '20171206120338':
> > > > > > > > > status: MONITORING
> > > > > > > > > stuck: no
> > > > > > > > > key pair storage:
> > > > > > > > >
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
> > > > > > > > > cert-pki-ca',token='NSS Certificate
DB',pin set
> > > > > > > > > certificate:
> > > > > > > > >
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
> > > > > > > > > cert-pki-ca',token='NSS Certificate
DB'
> > > > > > > > > CA: dogtag-ipa-ca-renew-agent
> > > > > > > > > issuer: CN=Certificate
Authority,O=XXXKD.FAU.DE,OU=Some
> > > > > > > > > Institute (XXX) -
FAU,C=DE,E=guy(a)example.com,L=FUERTH
> > > > > > > > > subject: CN=CA
Subsystem,O=XXXKD.FAU.DE,OU=Some Institute (XXX)
> > > > > > > > > - FAU,C=DE,E=guy(a)example.com,L=FUERTH
> > > > > > > > > expires: 2018-01-29 12:00:44 UTC
> > > > > > > > > key usage:
> > > > > > > > >
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
> > > > > > > > > eku:
id-kp-serverAuth,id-kp-clientAuth
> > > > > > > > > pre-save command:
/usr/libexec/ipa/certmonger/stop_pkicad
> > > > > > > > > post-save command:
/usr/libexec/ipa/certmonger/renew_ca_cert
> > > > > > > > > "subsystemCert cert-pki-ca"
> > > > > > > > > track: yes
> > > > > > > > > auto-renew: yes
> > > > > > > > > Request ID '20171206120340':
> > > > > > > > > status: MONITORING
> > > > > > > > > stuck: no
> > > > > > > > > key pair storage:
type=FILE,location='/var/lib/ipa/ra-agent.key'
> > > > > > > > > certificate:
type=FILE,location='/var/lib/ipa/ra-agent.pem'
> > > > > > > > > CA: dogtag-ipa-ca-renew-agent
> > > > > > > > > issuer: CN=Certificate
Authority,O=XXXKD.FAU.DE,OU=Some
> > > > > > > > > Institute (XXX) -
FAU,C=DE,E=guy(a)example.com,L=FUERTH
> > > > > > > > > subject: CN=IPA
RA,O=XXXKD.FAU.DE,OU=Some Institute (XXX) -
> > > > > > > > > FAU,C=DE,E=guy(a)example.com,L=FUERTH
> > > > > > > > > expires: 2018-01-29 12:01:11 UTC
> > > > > > > > > key usage:
> > > > > > > > >
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
> > > > > > > > > eku:
id-kp-serverAuth,id-kp-clientAuth
> > > > > > > > > pre-save command:
/usr/libexec/ipa/certmonger/renew_ra_cert_pre
> > > > > > > > > post-save command:
/usr/libexec/ipa/certmonger/renew_ra_cert
> > > > > > > > > track: yes
> > > > > > > > > auto-renew: yes
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On 30.01.2018 00:40, Fraser Tweedale via
FreeIPA-users wrote:
> > > > > > > > > > On Mon, Jan 29, 2018 at 03:55:07PM
+0100, Christof Schulze via
> > > > > > > > > > FreeIPA-users wrote:
> > > > > > > > > > > Hi,
> > > > > > > > > > >
> > > > > > > > > > > some certificates on our
freeipa-cluster (3 servers) are have been not
> > > > > > > > > > > renewed till now, 2 hours before
expiring. Can this be a problem?
> > > > > > > > > > >
> > > > > > > > > > > Some of the certificates, the ones
expiring show "ca-error:
> > > > > > > > > > > Invalid cookie:
> > > > > > > > > > > '' in the "getcert
list" output, what makes me nervous.
> > > > > > > > > > >
> > > > > > > > > > > We also have the problem when
certmonger can not reach the CA
> > > > > > > > > > > CA_UNREACHABLE
> > > > > > > > > > > after restarting a freeipa-server.
But when we restart the
> > > > > > > > > > > certmonger.server
> > > > > > > > > > > after everything being up again
everything looks good.
> > > > > > > > > > >
> > > > > > > > > > > Maybe you can give me some advice
what to check and which logs you
> > > > > > > > > > > else
> > > > > > > > > > > would need.
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > Thanks
> > > > > > > > > > >
> > > > > > > > > > > Christof Schulze
> > > > > > > > > > >
> > > > > > > > > > Hi Christof,
> > > > > > > > > >
> > > > > > > > > > Yes, it is a problem. They should have
been renewed before now.
> > > > > > > > > > The errors in `getcert list' output
show that there has been a
> > > > > > > > > > problem.
> > > > > > > > > >
> > > > > > > > > > First, check that all certificates are
valid, all certificates have
> > > > > > > > > > been synced across all masters using
`ipa-certupdate` on each
> > > > > > > > > > master. You should also check that the
userCertificate attribute in
> > > > > > > > > > entry:
> > > > > > > > > >
> > > > > > > > > > uid=ipara,ou=people,o=ipaca
> > > > > > > > > >
> > > > > > > > > > matches the actual IPA RA certificate in
/var/lib/ipa/ra-agent.pem
> > > > > > > > > >
> > > > > > > > > > Also check that your topology has
correct renewal master
> > > > > > > > > > configuration. ldapsearch
cn=masters,cn=ipa,cn=etc,dc=ipa,dc=local
> > > > > > > > > > with filter
(&(cn=CA)(ipaConfigString=caRenewalMaster)). It should
> > > > > > > > > > return exactly one entry and it must be
a valid, active master.
> > > > > > > > > >
> > > > > > > > > > HTH,
> > > > > > > > > > Fraser
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > _______________________________________________
> > > > > > FreeIPA-users mailing list --
freeipa-users(a)lists.fedorahosted.org
> > > > > > To unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.org
> > > > > >
> > > >
> > > > >
> > > > > journalctl -u certmonger.service
> > > > >
> > > > > Jan 29 20:43:46 idm1.ww8kd.fau.de certmonger[13223]: Certificate
in file "/var/lib/ipa/ra-agent.pem" is no longer valid.
> > > > > Jan 29 20:43:49 idm1.ww8kd.fau.de
dogtag-ipa-ca-renew-agent-submit[13225]: Forwarding request to dogtag-ipa-renew-agent
> > > > > Jan 29 20:43:49 idm1.ww8kd.fau.de
dogtag-ipa-ca-renew-agent-submit[13225]: dogtag-ipa-renew-agent returned 2
> > > > >
> > > > > .... repeating till...
> > > > >
> > > > > Jan 29 20:45:10 idm1.ww8kd.fau.de certmonger[13328]: Certificate
named "ocspSigningCert cert-pki-ca" in token "NSS Certificate DB" in
database "/etc/pki/pki-tomcat/alias" is no longer valid.
> > > > > Jan 29 20:45:13 idm1.ww8kd.fau.de
dogtag-ipa-ca-renew-agent-submit[13330]: Forwarding request to dogtag-ipa-renew-agent
> > > > >
> > > > > .... repeating till...
> > > > >
> > > > > Jan 29 20:53:36 idm1.ww8kd.fau.de
dogtag-ipa-ca-renew-agent-submit[13943]: dogtag-ipa-renew-agent returned 2
> > > > > Jan 29 20:53:47 idm1.ww8kd.fau.de certmonger[13954]: Certificate
named "ocspSigningCert cert-pki-ca" in token "NSS Certificate DB" in
database "/etc/pki/pki-tomcat/alias" is no longer valid.
> > > > > Jan 29 20:53:49 idm1.ww8kd.fau.de
dogtag-ipa-ca-renew-agent-submit[13956]: Forwarding request to dogtag-ipa-renew-agent
> > > > > Jan 29 20:53:49 idm1.ww8kd.fau.de
dogtag-ipa-ca-renew-agent-submit[13956]: dogtag-ipa-renew-agent returned 2
> > > > >
> > > > > .... repeating till...
> > > > >
> > > > > Jan 29 20:55:57 idm1.ww8kd.fau.de certmonger[14110]: Certificate
named "ocspSigningCert cert-pki-ca" in token "NSS Certificate DB" in
database "/etc/pki/pki-tomcat/alias" is no longer valid.
> > > > > Jan 29 20:55:59 idm1.ww8kd.fau.de
dogtag-ipa-ca-renew-agent-submit[14112]: Forwarding request to dogtag-ipa-renew-agent
> > > > > Jan 29 20:55:59 idm1.ww8kd.fau.de
dogtag-ipa-ca-renew-agent-submit[14112]: dogtag-ipa-renew-agent returned 2
> > > > >
> > > > > .... repeating
> > > > >
> > > > > Then suddenly:
> > > > >
> > > > > Jan 30 16:09:31 idm1.ww8kd.fau.de
dogtag-ipa-ca-renew-agent-submit[27370]: Traceback (most recent call last):
> > > > >
File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit",
line 540, in <module>
> > > > >
sys.exit(main())
> > > > >
File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit",
line 514, in main
> > > > >
kinit_keytab(principal, paths.KRB5_KEYTAB, ccache_filename)
> > > > >
File "/usr/lib/python2.7/site-packages/ipalib/install/kinit.py",
line 43, in kinit_keytab
> > > > >
cred = gssapi.Credentials(name=name, store=store,
usage='initiate')
> > > > >
File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 64,
in __new__
> > > > >
store=store)
> > > > >
File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line
148, in acquire
> > > > >
usage)
> > > > >
File "ext_cred_store.pyx", line 182, in
gssapi.raw.ext_cred_store.acquire_cred_from (gssapi/raw/ext_cred_store.c:1732)
> > > > >
GSSError: Major (851968): Unspecified GSS failure. Minor code may provide more
information, Minor (2529639068): Cannot contact any KDC for realm 'WW8KD.FAU.DE'
> > > > > Jan 30 16:09:31 idm1.ww8kd.fau.de certmonger[15905]: 2018-01-30
16:09:31 [15905] Internal error
> > > > > Jan 30 16:09:50 idm1.ww8kd.fau.de
dogtag-ipa-ca-renew-agent-submit[27500]: Traceback (most recent call last):
> > > > >
File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit",
line 540, in <module>
> > > > >
sys.exit(main())
> > > > >
File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit",
line 514, in main
> > > > >
kinit_keytab(principal, paths.KRB5_KEYTAB, ccache_filename)
> > > > >
File "/usr/lib/python2.7/site-packages/ipalib/install/kinit.py",
line 43, in kinit_keytab
> > > > >
cred = gssapi.Credentials(name=name, store=store,
usage='initiate')
> > > > >
File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 64,
in __new__
> > > > >
store=store)
> > > > >
File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line
148, in acquire
> > > > >
usage)
> > > > >
File "ext_cred_store.pyx", line 182, in
gssapi.raw.ext_cred_store.acquire_cred_from (gssapi/raw/ext_cred_store.c:1732)
> > > > >
GSSError: Major (851968): Unspecified GSS failure. Minor code may provide more
information, Minor (2529639068): Cannot contact any KDC for realm 'WW8KD.FAU.DE'
> > > > > Jan 30 16:09:50 idm1.ww8kd.fau.de certmonger[15905]: 2018-01-30
16:09:50 [15905] Internal error
> > > > > Jan 30 16:09:51 idm1.ww8kd.fau.de
dogtag-ipa-ca-renew-agent-submit[27509]: Traceback (most recent call last):
> > > > >
File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit",
line 540, in <module>
> > > > >
sys.exit(main())
> > > > >
File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit",
line 514, in main
> > > > >
kinit_keytab(principal, paths.KRB5_KEYTAB, ccache_filename)
> > > > >
File "/usr/lib/python2.7/site-packages/ipalib/install/kinit.py",
line 43, in kinit_keytab
> > > > >
cred = gssapi.Credentials(name=name, store=store,
usage='initiate')
> > > > >
File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 64,
in __new__
> > > > >
store=store)
> > > > >
File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line
148, in acquire
> > > > >
usage)
> > > > >
File "ext_cred_store.pyx", line 182, in
gssapi.raw.ext_cred_store.acquire_cred_from (gssapi/raw/ext_cred_store.c:1732)
> > > > >
GSSError: Major (851968): Unspecified GSS failure. Minor code may provide more
information, Minor (2529639068): Cannot contact any KDC for realm 'WW8KD.FAU.DE'
> > > > > Jan 30 16:09:51 idm1.ww8kd.fau.de certmonger[15905]: 2018-01-30
16:09:51 [15905] Internal error
> > > > > Jan 30 16:15:03 idm1.ww8kd.fau.de
dogtag-ipa-ca-renew-agent-submit[28056]: Forwarding request to dogtag-ipa-renew-agent
> > > > > Jan 30 16:15:03 idm1.ww8kd.fau.de
dogtag-ipa-ca-renew-agent-submit[28056]: dogtag-ipa-renew-agent returned 2
> > > > >
> > > > > .... repeating till end...
> > > >
> > > > > an 30 17:10:18 idm1 certmonger: Certificate named
"subsystemCert cert-pki-ca" in token "NSS Certificate DB" in database
"/etc/pki/pki-tomcat/alias" is no longer valid.
> > > > > Jan 30 17:10:20 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding
request to dogtag-ipa-renew-agent
> > > > > Jan 30 17:10:20 idm1 dogtag-ipa-ca-renew-agent-submit:
dogtag-ipa-renew-agent returned 2
> > > > > Jan 30 17:10:24 idm1 server: Jan 30, 2018 5:10:24 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> > > > > Jan 30 17:10:24 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> > > > > Jan 30 17:10:24 idm1 server:
javax.ws.rs.ServiceUnavailableException: Subsystem unavailable
> > > > > Jan 30 17:10:24 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> > > > > Jan 30 17:10:24 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> > > > > Jan 30 17:10:24 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> > > > > Jan 30 17:10:24 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> > > > > Jan 30 17:10:24 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > > > Jan 30 17:10:24 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > > > Jan 30 17:10:24 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> > > > > Jan 30 17:10:24 idm1 server: at
java.lang.Thread.run(Thread.java:748)
> > > > > Jan 30 17:10:26 idm1 certmonger: Certificate in file
"/var/lib/ipa/ra-agent.pem" is no longer valid.
> > > > > Jan 30 17:10:28 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding
request to dogtag-ipa-renew-agent
> > > > > Jan 30 17:10:28 idm1 dogtag-ipa-ca-renew-agent-submit:
dogtag-ipa-renew-agent returned 2
> > > > > Jan 30 17:10:34 idm1 server: Jan 30, 2018 5:10:34 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> > > > > Jan 30 17:10:34 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> > > > > Jan 30 17:10:34 idm1 server:
javax.ws.rs.ServiceUnavailableException: Subsystem unavailable
> > > > > Jan 30 17:10:34 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> > > > > Jan 30 17:10:34 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> > > > > Jan 30 17:10:34 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> > > > > Jan 30 17:10:34 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> > > > > Jan 30 17:10:34 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > > > Jan 30 17:10:34 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > > > Jan 30 17:10:34 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> > > > > Jan 30 17:10:34 idm1 server: at
java.lang.Thread.run(Thread.java:748)
> > > > > Jan 30 17:10:44 idm1 server: Jan 30, 2018 5:10:44 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> > > > > Jan 30 17:10:44 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> > > > > Jan 30 17:10:44 idm1 server:
javax.ws.rs.ServiceUnavailableException: Subsystem unavailable
> > > > > Jan 30 17:10:44 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> > > > > Jan 30 17:10:44 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> > > > > Jan 30 17:10:44 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> > > > > Jan 30 17:10:44 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> > > > > Jan 30 17:10:44 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > > > Jan 30 17:10:44 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > > > Jan 30 17:10:44 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> > > > > Jan 30 17:10:44 idm1 server: at
java.lang.Thread.run(Thread.java:748)
> > > > > Jan 30 17:10:44 idm1 certmonger: Certificate named
"ocspSigningCert cert-pki-ca" in token "NSS Certificate DB" in
database "/etc/pki/pki-tomcat/alias" is no longer valid.
> > > > > Jan 30 17:10:46 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding
request to dogtag-ipa-renew-agent
> > > > > Jan 30 17:10:46 idm1 dogtag-ipa-ca-renew-agent-submit:
dogtag-ipa-renew-agent returned 2
> > > > > Jan 30 17:10:50 idm1 certmonger: Certificate named
"subsystemCert cert-pki-ca" in token "NSS Certificate DB" in database
"/etc/pki/pki-tomcat/alias" is no longer valid.
> > > > > Jan 30 17:10:53 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding
request to dogtag-ipa-renew-agent
> > > > > Jan 30 17:10:53 idm1 dogtag-ipa-ca-renew-agent-submit:
dogtag-ipa-renew-agent returned 2
> > > > > Jan 30 17:10:54 idm1 server: Jan 30, 2018 5:10:54 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> > > > > Jan 30 17:10:54 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> > > > > Jan 30 17:10:54 idm1 server:
javax.ws.rs.ServiceUnavailableException: Subsystem unavailable
> > > > > Jan 30 17:10:54 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> > > > > Jan 30 17:10:54 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> > > > > Jan 30 17:10:54 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> > > > > Jan 30 17:10:54 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> > > > > Jan 30 17:10:54 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > > > Jan 30 17:10:54 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > > > Jan 30 17:10:54 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> > > > > Jan 30 17:10:54 idm1 server: at
java.lang.Thread.run(Thread.java:748)
> > > > > Jan 30 17:10:58 idm1 certmonger: Certificate in file
"/var/lib/ipa/ra-agent.pem" is no longer valid.
> > > > > Jan 30 17:11:01 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding
request to dogtag-ipa-renew-agent
> > > > > Jan 30 17:11:01 idm1 dogtag-ipa-ca-renew-agent-submit:
dogtag-ipa-renew-agent returned 2
> > > >
> > > > > _______________________________________________
> > > > > FreeIPA-users mailing list --
freeipa-users(a)lists.fedorahosted.org
> > > > > To unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.org
> > >
> > >
> > > --
> > > Christof Schulze
> > >
> > > Institute of Materials Simulation (WW8)
> > > Department of Materials Science
> > > Friedrich-Alexander-University Erlangen-Nürnberg
> > > Dr.-Mack-Str. 77,
> > > 90762 Fürth, Germany
> > >
> > > Tel: 0911/65078-65069
> > > Email: christof.schulze(a)ww.uni-erlangen.de
> >
> > > journalctl -u certmonger.service
> > >
> > >
> > > Jan 26 20:03:58 idm1.XXXkd.fau.de ipa-submit[15799]: GSSAPI client step 1
> > > Jan 26 20:03:58 idm1.XXXkd.fau.de ipa-submit[15799]: GSSAPI client step 1
> > > Jan 26 20:03:58 idm1.XXXkd.fau.de ipa-submit[15799]: GSSAPI client step 1
> > > Jan 26 20:03:58 idm1.XXXkd.fau.de ipa-submit[15799]: GSSAPI client step 1
> > > Jan 26 20:03:58 idm1.XXXkd.fau.de ipa-submit[15799]: GSSAPI client step 2
> > > Jan 26 20:03:59 idm1.XXXkd.fau.de certmonger[15838]: Certificate named
"ocspSigningCert cert-pki-ca" in token "NSS Certificate DB" in
database "/etc/pki/pki-tomcat/alias" will not be valid after 20180129120044.
> > > Jan 26 20:04:32 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[15860]:
Forwarding request to dogtag-ipa-renew-agent
> > > Jan 26 20:04:32 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[15860]:
dogtag-ipa-renew-agent returned 2
> > > Jan 26 20:04:42 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[15853]:
Forwarding request to dogtag-ipa-renew-agent
> > > Jan 26 20:04:42 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[15853]:
dogtag-ipa-renew-agent returned 2
> > > Jan 26 20:04:52 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[15851]:
Forwarding request to dogtag-ipa-renew-agent
> > > Jan 26 20:04:52 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[15851]:
dogtag-ipa-renew-agent returned 2
> > > Jan 26 20:06:08 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16044]:
Forwarding request to dogtag-ipa-renew-agent
> > > Jan 26 20:06:08 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16044]:
dogtag-ipa-renew-agent returned 2
> > > Jan 26 20:16:36 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16726]:
Forwarding request to dogtag-ipa-renew-agent
> > > Jan 26 20:16:37 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16726]:
dogtag-ipa-renew-agent returned 2
> > > Jan 26 20:17:37 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16746]:
Forwarding request to dogtag-ipa-renew-agent
> > > Jan 26 20:17:37 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16746]:
dogtag-ipa-renew-agent returned 2
> > > Jan 26 20:23:59 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16805]:
Forwarding request to dogtag-ipa-renew-agent
> > > Jan 26 20:23:59 idm1.XXXkd.fau.de dogtag-ipa-ca-renew-agent-submit[16805]:
dogtag-ipa-renew-agent returned 2
> >
> > > equest ID '20171206120337':
> > > status: SUBMITTING
> > > stuck: no
> > > key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB',pin set
> > > certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB'
> > > CA: dogtag-ipa-ca-renew-agent
> > > issuer: CN=Certificate Authority,O=XXXKD.FAU.DE,OU=Some Institute (XXX) -
FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
> > > subject: CN=OCSP Subsystem,O=XXXKD.FAU.DE,OU=Some Institute (XXX) -
FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
> > > expires: 2018-01-29 12:00:44 UTC
> > > key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
> > > eku: id-kp-OCSPSigning
> > > pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
> > > post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
"ocspSigningCert cert-pki-ca"
> > > track: yes
> > > auto-renew: yes
> > > Request ID '20171206120338':
> > > status: SUBMITTING
> > > stuck: no
> > > key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
cert-pki-ca',token='NSS Certificate DB',pin set
> > > certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
cert-pki-ca',token='NSS Certificate DB'
> > > CA: dogtag-ipa-ca-renew-agent
> > > issuer: CN=Certificate Authority,O=XXXKD.FAU.DE,OU=Some Institute (XXX) -
FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
> > > subject: CN=CA Subsystem,O=XXXKD.FAU.DE,OU=Some Institute (XXX) -
FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
> > > expires: 2018-01-29 12:00:44 UTC
> > > key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
> > > eku: id-kp-serverAuth,id-kp-clientAuth
> > > pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
> > > post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
"subsystemCert cert-pki-ca"
> > > track: yes
> > > auto-renew: yes
> > > Request ID '20171206120340':
> > > status: SUBMITTING
> > > stuck: no
> > > key pair storage: type=FILE,location='/var/lib/ipa/ra-agent.key'
> > > certificate: type=FILE,location='/var/lib/ipa/ra-agent.pem'
> > > CA: dogtag-ipa-ca-renew-agent
> > > issuer: CN=Certificate Authority,O=XXXKD.FAU.DE,OU=Some Institute (XXX) -
FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
> > > subject: CN=IPA RA,O=XXXKD.FAU.DE,OU=Some Institute (XXX) -
FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
> > > expires: 2018-01-29 12:01:11 UTC
> > > key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
> > > eku: id-kp-serverAuth,id-kp-clientAuth
> > > pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre
> > > post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
> > > track: yes
> > > auto-renew: yes
> >
> > > ldapsearch -x -h localhost -b uid=pkidbuser,ou=people,o=ipaca
> > > # extended LDIF
> > > #
> > > # LDAPv3
> > > # base <uid=pkidbuser,ou=people,o=ipaca> with scope subtree
> > > # filter: (objectclass=*)
> > > # requesting: ALL
> > > #
> > >
> > > # pkidbuser, people, ipaca
> > > dn: uid=pkidbuser,ou=people,o=ipaca
> > > objectClass: top
> > > objectClass: person
> > > objectClass: organizationalPerson
> > > objectClass: inetOrgPerson
> > > objectClass: cmsuser
> > > uid: pkidbuser
> > > sn: pkidbuser
> > > cn: pkidbuser
> > > mail:
> > > usertype: agentType
> > > userstate: 1
> > > description: 2;4;CN=Certificate Authority,O=XXXKD.FAU.DE,OU=Institute of
Mater
> > > ials Simulation (XXX) - FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH;CN=CA
Sub
> > > system,O=XXXKD.FAU.DE,OU=Some Institute (XXX) - FAU,C=DE,E
> > > =christof.schulze(a)fau.de,L=FUERTH
> > > userCertificate:: MIIEcz
> > > .................
> > > seeAlso: CN=CA Subsystem,O=XXXKD.FAU.DE,OU=Some Institute (
> > > XXX) - FAU,C=DE,E=christof.schulze(a)fau.de,L=FUERTH
> > >
> > > # search result
> > > search: 2
> > > result: 0 Success
> > >
> > > # numResponses: 2
> > > # numEntries: 1
> >
> >
> > > Jan 26 20:00:00 idm1 systemd: Time has been changed
> > > Jan 26 20:00:05 idm1 server: Jan 26, 2018 8:00:05 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> > > Jan 26 20:00:05 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> > > Jan 26 20:00:05 idm1 server: javax.ws.rs.ServiceUnavailableException:
Subsystem unavailable
> > > Jan 26 20:00:05 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> > > Jan 26 20:00:05 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> > > Jan 26 20:00:05 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> > > Jan 26 20:00:05 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> > > Jan 26 20:00:05 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > Jan 26 20:00:05 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > Jan 26 20:00:05 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> > > Jan 26 20:00:05 idm1 server: at java.lang.Thread.run(Thread.java:748)
> > > Jan 26 20:00:10 idm1 ns-slapd: [26/Jan/2018:20:00:10.040578826 +0100] -
WARN - csngen_new_csn - Too much time skew (-416592 secs). Current seqnum=4
> > > Jan 26 20:00:10 idm1 ns-slapd: [26/Jan/2018:20:00:10.061165225 +0100] -
WARN - csngen_new_csn - Too much time skew (-416593 secs). Current seqnum=5
> > > Jan 26 20:00:10 idm1 ns-slapd: [26/Jan/2018:20:00:10.087176808 +0100] -
WARN - csngen_new_csn - Too much time skew (-416594 secs). Current seqnum=6
> > > Jan 26 20:00:10 idm1 ns-slapd: [26/Jan/2018:20:00:10.093683659 +0100] -
WARN - csngen_new_csn - Too much time skew (-416595 secs). Current seqnum=7
> > > Jan 26 20:00:15 idm1 server: Jan 26, 2018 8:00:15 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> > > Jan 26 20:00:15 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> > > Jan 26 20:00:15 idm1 server: javax.ws.rs.ServiceUnavailableException:
Subsystem unavailable
> > > Jan 26 20:00:15 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> > > Jan 26 20:00:15 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> > > Jan 26 20:00:15 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> > > Jan 26 20:00:15 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> > > Jan 26 20:00:15 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > Jan 26 20:00:15 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > Jan 26 20:00:15 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> > > Jan 26 20:00:15 idm1 server: at java.lang.Thread.run(Thread.java:748)
> > > Jan 26 20:00:25 idm1 server: Jan 26, 2018 8:00:25 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> > > Jan 26 20:00:25 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> > > Jan 26 20:00:25 idm1 server: javax.ws.rs.ServiceUnavailableException:
Subsystem unavailable
> > > Jan 26 20:00:25 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> > > Jan 26 20:00:25 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> > > Jan 26 20:00:25 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> > > Jan 26 20:00:25 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> > > Jan 26 20:00:25 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > Jan 26 20:00:25 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > Jan 26 20:00:25 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> > > Jan 26 20:00:25 idm1 server: at java.lang.Thread.run(Thread.java:748)
> > > Jan 26 20:00:26 idm1 systemd: Starting PKI Tomcat Server tomcatd...
> > > Jan 26 20:00:26 idm1 pkidaemon: tomcatd is an invalid 'tomcat'
instance
> > > Jan 26 20:00:26 idm1 systemd: pki-tomcatd(a)tomcatd.service: control process
exited, code=exited status=5
> > > Jan 26 20:00:26 idm1 systemd: Failed to start PKI Tomcat Server tomcatd.
> > > Jan 26 20:00:26 idm1 systemd: Unit pki-tomcatd(a)tomcatd.service entered
failed state.
> > > Jan 26 20:00:26 idm1 systemd: pki-tomcatd(a)tomcatd.service failed.
> > > Jan 26 20:00:30 idm1 ns-slapd: [26/Jan/2018:20:00:30.030350069 +0100] -
WARN - csngen_new_csn - Too much time skew (-416576 secs). Current seqnum=8
> > > Jan 26 20:00:30 idm1 ns-slapd: [26/Jan/2018:20:00:30.036532171 +0100] -
WARN - csngen_new_csn - Too much time skew (-416577 secs). Current seqnum=9
> > > Jan 26 20:00:30 idm1 ns-slapd: [26/Jan/2018:20:00:30.054084481 +0100] -
WARN - csngen_new_csn - Too much time skew (-416578 secs). Current seqnum=a
> > > Jan 26 20:00:30 idm1 ns-slapd: [26/Jan/2018:20:00:30.072843629 +0100] -
WARN - csngen_new_csn - Too much time skew (-416579 secs). Current seqnum=b
> > > Jan 26 20:00:35 idm1 server: Jan 26, 2018 8:00:35 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> > > Jan 26 20:00:35 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> > > Jan 26 20:00:35 idm1 server: javax.ws.rs.ServiceUnavailableException:
Subsystem unavailable
> > > Jan 26 20:00:35 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> > > Jan 26 20:00:35 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> > > Jan 26 20:00:35 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> > > Jan 26 20:00:35 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> > > Jan 26 20:00:35 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > Jan 26 20:00:35 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > Jan 26 20:00:35 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> > > Jan 26 20:00:35 idm1 server: at java.lang.Thread.run(Thread.java:748)
> > > Jan 26 20:00:45 idm1 server: Jan 26, 2018 8:00:45 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> > > Jan 26 20:00:45 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> > > Jan 26 20:00:45 idm1 server: javax.ws.rs.ServiceUnavailableException:
Subsystem unavailable
> > > Jan 26 20:00:45 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> > > Jan 26 20:00:45 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> > > Jan 26 20:00:45 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> > > Jan 26 20:00:45 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> > > Jan 26 20:00:45 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > Jan 26 20:00:45 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > Jan 26 20:00:45 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> > > Jan 26 20:00:45 idm1 server: at java.lang.Thread.run(Thread.java:748)
> > > Jan 26 20:00:48 idm1 ns-slapd: [26/Jan/2018:20:00:48.030570760 +0100] -
WARN - csngen_new_csn - Too much time skew (-416562 secs). Current seqnum=4
> > > Jan 26 20:00:48 idm1 ns-slapd: [26/Jan/2018:20:00:48.035772779 +0100] -
WARN - csngen_new_csn - Too much time skew (-416563 secs). Current seqnum=5
> > > Jan 26 20:00:48 idm1 ns-slapd: [26/Jan/2018:20:00:48.053399054 +0100] -
WARN - csngen_new_csn - Too much time skew (-416564 secs). Current seqnum=6
> > > Jan 26 20:00:48 idm1 ns-slapd: [26/Jan/2018:20:00:48.058488375 +0100] -
WARN - csngen_new_csn - Too much time skew (-416565 secs). Current seqnum=7
> > > Jan 26 20:00:54 idm1 systemd: Stopped target PKI Tomcat Server.
> > > Jan 26 20:00:54 idm1 systemd: Stopping PKI Tomcat Server.
> > > Jan 26 20:00:54 idm1 systemd: Stopping PKI Tomcat Server pki-tomcat...
> > > Jan 26 20:00:54 idm1 systemd: Stopping 389 Directory Server
XXXKD-FAU-DE....
> > > Jan 26 20:00:54 idm1 ns-slapd: [26/Jan/2018:20:00:54.631434461 +0100] -
INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack
size 19 max work q size 6 max work q stack size 6
> > > Jan 26 20:00:54 idm1 ns-slapd: [26/Jan/2018:20:00:54.662944402 +0100] -
INFO - slapd_daemon - slapd shutting down - waiting for 14 threads to terminate
> > > Jan 26 20:00:54 idm1 ns-slapd: [26/Jan/2018:20:00:54.693612476 +0100] -
INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins
> > > Jan 26 20:00:55 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> > > Jan 26 20:00:55 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> > > Jan 26 20:00:55 idm1 server: main class used:
org.apache.catalina.startup.Bootstrap
> > > Jan 26 20:00:55 idm1 server: flags used:
-DRESTEASY_LIB=/usr/share/java/resteasy-base -Djava.library.path=/usr/lib64/nuxwdog-jni
> > > Jan 26 20:00:55 idm1 server: options used:
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> > > Jan 26 20:00:55 idm1 server: arguments used: stop
> > > Jan 26 20:00:55 idm1 ns-slapd: [26/Jan/2018:20:00:55.269159082 +0100] -
INFO - dblayer_pre_close - Waiting for 4 database threads to stop
> > > Jan 26 20:00:55 idm1 server: Jan 26, 2018 8:00:55 PM
org.apache.catalina.core.ContainerBase backgroundProcess
> > > Jan 26 20:00:55 idm1 server: WARNING: Exception processing realm
com.netscape.cms.tomcat.ProxyRealm@3a9d3f72 background process
> > > Jan 26 20:00:55 idm1 server: javax.ws.rs.ServiceUnavailableException:
Subsystem unavailable
> > > Jan 26 20:00:55 idm1 server: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> > > Jan 26 20:00:55 idm1 server: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1356)
> > > Jan 26 20:00:55 idm1 server: at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5958)
> > > Jan 26 20:00:55 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1542)
> > > Jan 26 20:00:55 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > Jan 26 20:00:55 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1552)
> > > Jan 26 20:00:55 idm1 server: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1520)
> > > Jan 26 20:00:55 idm1 server: at java.lang.Thread.run(Thread.java:748)
> > > Jan 26 20:00:56 idm1 ns-slapd: [26/Jan/2018:20:00:56.047222363 +0100] -
INFO - dblayer_pre_close - All database threads now stopped
> > > Jan 26 20:00:56 idm1 ns-slapd: [26/Jan/2018:20:00:56.136143475 +0100] -
INFO - ldbm_back_instance_set_destructor - Set of instances destroyed
> > > Jan 26 20:00:56 idm1 ns-slapd: [26/Jan/2018:20:00:56.250499625 +0100] -
INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 6 work q stack
objects - freed 19 op stack objects
> > > Jan 26 20:00:56 idm1 ns-slapd: [26/Jan/2018:20:00:56.466290546 +0100] -
INFO - main - slapd stopped.
> > > Jan 26 20:00:57 idm1 systemd: Starting 389 Directory Server
XXXKD-FAU-DE....
> > > Jan 26 20:00:57 idm1 server: Jan 26, 2018 8:00:57 PM
org.apache.catalina.startup.ClassLoaderFactory validateFile
> > > Jan 26 20:00:57 idm1 server: WARNING: Problem with JAR file
[/usr/share/pki/server/common/lib/symkey.jar], exists: [false], canRead: [false]
> > > Jan 26 20:00:59 idm1 server: Jan 26, 2018 8:00:59 PM
org.apache.catalina.core.StandardServer await
> > > Jan 26 20:00:59 idm1 server: INFO: A valid shutdown command was received
via the shutdown port. Stopping the Server instance.
> > > Jan 26 20:00:59 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_stop]
> > > Jan 26 20:00:59 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[stop]
> > > Jan 26 20:00:59 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_stop]
> > > Jan 26 20:00:59 idm1 server: Jan 26, 2018 8:00:59 PM
org.apache.coyote.AbstractProtocol pause
> > > Jan 26 20:00:59 idm1 server: INFO: Pausing ProtocolHandler
["http-bio-8080"]
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.166056006 +0100] -
WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need
to run systemd-tty-ask-password-agent to provide the password.
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.192768272 +0100] -
INFO - Security Initialization - SSL info: Enabling default cipher set.
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.194054627 +0100] -
INFO - Security Initialization - SSL info: Configured NSS Ciphers
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.195443005 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.196488030 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.197471823 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.198476669 +0100] -
INFO - Security Initialization - SSL info:
#011TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.199408370 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.200335494 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.201269623 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.202187620 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.203076746 +0100] -
INFO - Security Initialization - SSL info:
#011TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
> > > Jan 26 20:01:00 idm1 systemd: Stopped PKI Tomcat Server pki-tomcat.
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.212403223 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.213802057 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.214320583 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.215664034 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.216287901 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.216973776 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.217398701 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.217909449 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.218369168 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.218796504 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.219235985 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.220009250 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA: enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.220862707 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.221671302 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.222376985 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA: enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.223115430 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.223989576 +0100] -
INFO - Security Initialization - SSL info: #011TLS_AES_128_GCM_SHA256: enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.224808605 +0100] -
INFO - Security Initialization - SSL info: #011TLS_CHACHA20_POLY1305_SHA256: enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.225509347 +0100] -
INFO - Security Initialization - SSL info: #011TLS_AES_256_GCM_SHA384: enabled
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.251261397 +0100] -
INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min:
TLS1.0, max: TLS1.2
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.252601147 +0100] -
INFO - main - 389-Directory/1.3.6.1 B2018.025.1550 starting up
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.267546859 +0100] -
INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.271447152 +0100] -
WARN - default_mr_indexer_create - Plugin [caseIgnoreIA5Match] does not handle
caseExactIA5Match
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.275981745 +0100] -
INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.283140403 +0100] -
INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.289336025 +0100] -
NOTICE - ldbm_back_start - found 1532164k physical memory
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.290187342 +0100] -
NOTICE - ldbm_back_start - found 588692k available
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.291044337 +0100] -
NOTICE - ldbm_back_start - cache autosizing: db cache: 61286k
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.291982935 +0100] -
NOTICE - ldbm_back_start - cache autosizing: userRoot entry cache (3 total): 65536k
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.294255028 +0100] -
NOTICE - ldbm_back_start - cache autosizing: ipaca entry cache (3 total): 65536k
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.296509006 +0100] -
NOTICE - ldbm_back_start - cache autosizing: changelog entry cache (3 total): 65536k
> > > Jan 26 20:01:00 idm1 ns-slapd: [26/Jan/2018:20:01:00.298844301 +0100] -
NOTICE - ldbm_back_start - total cache size: 282989821 B;
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.208240370 +0100] - ERR
- schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after
the server startup!
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.256911972 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.258221666 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=keys,cn=sec,cn=dns,dc=XXXkd,dc=fau,dc=de
does not exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.259183606 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.260299224 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.261345202 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.262389108 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=XXXkd,dc=fau,dc=de
does not exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.263438748 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.264619539 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.265661588 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.266617305 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.267503563 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.268386977 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.269339542 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.270164213 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.271060127 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.271880025 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.272730680 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.273618472 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.274598861 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.275455547 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.276441760 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.283273623 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.284297934 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:01:01 idm1 systemd: Started Session 84 of user root.
> > > Jan 26 20:01:01 idm1 systemd: Starting Session 84 of user root.
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.396213753 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=automember rebuild
membership,cn=tasks,cn=config does not exist
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.399323317 +0100] - ERR
- auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule
(invalid regex). Error "nothing to repeat".
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.399986425 +0100] - ERR
- auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule
(invalid regex). Error "nothing to repeat".
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.400970832 +0100] - ERR
- auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule
(invalid regex). Error "nothing to repeat".
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.636616613 +0100] - ERR
- schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds!
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.639886286 +0100] - ERR
- set_krb5_creds - Could not get initial credentials for principal
[ldap/idm1.XXXkd.fau.de(a)XXXKD.FAU.DE] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328324
(Generic error (see e-text))
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.644711700 +0100] -
INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP
requests
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.645973404 +0100] -
INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests
> > > Jan 26 20:01:01 idm1 ns-slapd: [26/Jan/2018:20:01:01.659963996 +0100] -
INFO - slapd_daemon - Listening on /var/run/slapd-XXXKD-FAU-DE.socket for LDAPI requests
> > > Jan 26 20:01:01 idm1 ns-slapd: GSSAPI Error: Unspecified GSS failure.
Minor code may provide more information (No Kerberos credentials available (default cache:
/tmp/krb5cc_993))
> > > Jan 26 20:01:01 idm1 systemd: Started 389 Directory Server XXXKD-FAU-DE..
> > > Jan 26 20:01:01 idm1 systemd: Stopping Kerberos 5 KDC...
> > > Jan 26 20:01:01 idm1 systemd: Starting Kerberos 5 KDC...
> > > Jan 26 20:01:02 idm1 systemd: PID file /var/run/krb5kdc.pid not readable
(yet?) after start.
> > > Jan 26 20:01:02 idm1 systemd: Started Kerberos 5 KDC.
> > > Jan 26 20:01:02 idm1 systemd: Stopping Kerberos 5 Password-changing and
Administration...
> > > Jan 26 20:01:02 idm1 systemd: kadmin.service: main process exited,
code=exited, status=2/INVALIDARGUMENT
> > > Jan 26 20:01:02 idm1 systemd: Unit kadmin.service entered failed state.
> > > Jan 26 20:01:02 idm1 systemd: kadmin.service failed.
> > > Jan 26 20:01:02 idm1 systemd: Starting Kerberos 5 Password-changing and
Administration...
> > > Jan 26 20:01:02 idm1 systemd: Started Kerberos 5 Password-changing and
Administration.
> > > Jan 26 20:01:02 idm1 systemd: Stopping The Apache HTTP Server...
> > > Jan 26 20:01:04 idm1 kernel: httpd[27874]: segfault at 8 ip
00007ff9ffbd2a90 sp 00007ff9dbc05d70 error 4 in libpython2.7.so.1.0[7ff9ffad3000+17d000]
> > > Jan 26 20:01:04 idm1 ns-slapd: [26/Jan/2018:20:01:04.672339153 +0100] -
WARN - csngen_new_csn - Too much time skew (-416549 secs). Current seqnum=8
> > > Jan 26 20:01:05 idm1 ns-slapd: [26/Jan/2018:20:01:05.044521936 +0100] - ERR
- NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meToidm2.XXXkd.fau.de"
(idm2:389) - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials)
()
> > > Jan 26 20:01:05 idm1 systemd: Starting The Apache HTTP Server...
> > > Jan 26 20:01:05 idm1 ipa-httpd-kdcproxy: ipa : INFO KDC proxy
enabled
> > > Jan 26 20:01:06 idm1 systemd: Started The Apache HTTP Server.
> > > Jan 26 20:01:07 idm1 systemd: Stopping IPA Custodia Service...
> > > Jan 26 20:01:07 idm1 systemd: Starting IPA Custodia Service...
> > > Jan 26 20:01:07 idm1 ns-slapd: [26/Jan/2018:20:01:07.739422386 +0100] - ERR
- schema-compat-plugin - Finished plugin initialization.
> > > Jan 26 20:01:08 idm1 ipa-custodia: 2018-01-26 20:01:08 - server
- Serving on Unix socket /run/httpd/ipa-custodia.sock
> > > Jan 26 20:01:08 idm1 systemd: Started IPA Custodia Service.
> > > Jan 26 20:01:08 idm1 systemd: Starting Network Time Service...
> > > Jan 26 20:01:08 idm1 ntpd[15428]: ntpd 4.2.6p5(a)1.2349-o Wed Apr 12 21:24:06
UTC 2017 (1)
> > > Jan 26 20:01:08 idm1 ntpd[15429]: proto: precision = 0.087 usec
> > > Jan 26 20:01:08 idm1 ntpd[15429]: 0.0.0.0 c01d 0d kern kernel time sync
enabled
> > > Jan 26 20:01:08 idm1 systemd: Started Network Time Service.
> > > Jan 26 20:01:08 idm1 ntpd[15429]: getaddrinfo:
"2001:638:a000:b201::/64" invalid host address, ignored
> > > Jan 26 20:01:08 idm1 systemd: Starting PKI Tomcat Server pki-tomcat...
> > > Jan 26 20:01:08 idm1 ntpd[15429]: restrict: error in address
'2001:638:a000:b201::/64' on line 21. Ignoring...
> > > Jan 26 20:01:08 idm1 ntpd[15429]: Listen and drop on 0 v4wildcard 0.0.0.0
UDP 123
> > > Jan 26 20:01:08 idm1 ntpd[15429]: Listen and drop on 1 v6wildcard :: UDP
123
> > > Jan 26 20:01:08 idm1 ntpd[15429]: Listen normally on 2 lo 127.0.0.1 UDP
123
> > > Jan 26 20:01:08 idm1 ntpd[15429]: Listen normally on 3 eth0 10.188.220.100
UDP 123
> > > Jan 26 20:01:08 idm1 ntpd[15429]: Listen normally on 4 lo ::1 UDP 123
> > > Jan 26 20:01:08 idm1 ntpd[15429]: Listen normally on 5 eth0
fe80::5054:ff:fe4e:b270 UDP 123
> > > Jan 26 20:01:08 idm1 ntpd[15429]: Listen normally on 6 eth0
2001:638:a000:b201::220:100 UDP 123
> > > Jan 26 20:01:08 idm1 ntpd[15429]: Listening on routing socket on fd #23 for
interface updates
> > > Jan 26 20:01:08 idm1 ntpd[15429]: 0.0.0.0 c016 06 restart
> > > Jan 26 20:01:08 idm1 ntpd[15429]: 0.0.0.0 c012 02 freq_set ntpd -11.506
PPM
> > > Jan 26 20:01:09 idm1 pkidaemon: -----------------------
> > > Jan 26 20:01:09 idm1 pkidaemon: Banner is not installed
> > > Jan 26 20:01:09 idm1 pkidaemon: -----------------------
> > > Jan 26 20:01:09 idm1 pkidaemon: ----------------------
> > > Jan 26 20:01:09 idm1 pkidaemon: Enabled all subsystems
> > > Jan 26 20:01:09 idm1 pkidaemon: ----------------------
> > > Jan 26 20:01:10 idm1 systemd: Started PKI Tomcat Server pki-tomcat.
> > > Jan 26 20:01:10 idm1 systemd: Reached target PKI Tomcat Server.
> > > Jan 26 20:01:10 idm1 systemd: Starting PKI Tomcat Server.
> > > Jan 26 20:01:10 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> > > Jan 26 20:01:10 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> > > Jan 26 20:01:10 idm1 server: main class used:
org.apache.catalina.startup.Bootstrap
> > > Jan 26 20:01:10 idm1 server: flags used:
-DRESTEASY_LIB=/usr/share/java/resteasy-base -Djava.library.path=/usr/lib64/nuxwdog-jni
> > > Jan 26 20:01:10 idm1 server: options used:
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.security.manager
-Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy
> > > Jan 26 20:01:10 idm1 server: arguments used: start
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.ClassLoaderFactory validateFile
> > > Jan 26 20:01:11 idm1 server: WARNING: Problem with JAR file
[/usr/share/pki/server/common/lib/symkey.jar], exists: [false], canRead: [false]
> > > Jan 26 20:01:11 idm1 ns-slapd: [26/Jan/2018:20:01:11.084620256 +0100] -
WARN - csngen_new_csn - Too much time skew (-416544 secs). Current seqnum=9
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'enableOCSP' to
'false' did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderURL' to 'http://idm1.XXXkd.fau.de:9080/ca/ocsp' did not find
a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did not find
a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspCacheSize'
to '1000' did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMinCacheEntryDuration' to '60' did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMaxCacheEntryDuration' to '120' did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspTimeout' to
'10' did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'strictCiphers'
to 'true' did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslOptions' to
'ssl2=false,ssl3=false,tls=true' did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl2Ciphers' to
'-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5'
did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl3Ciphers' to
'-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'tlsCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeStream' to 'tls1_0:tls1_2' did not find a matching
property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeDatagram' to 'tls1_1:tls1_2' did not find a matching
property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslRangeCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_GCM_SHA256,+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256'
did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'serverCertNickFile' to '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf'
did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordFile'
to '/var/lib/pki/pki-tomcat/conf/password.conf' did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordClass'
to 'org.apache.tomcat.util.net.jss.PlainPasswordFile' did not find a matching
property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'certdbDir' to
'/var/lib/pki/pki-tomcat/alias' did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'xmlValidation'
to 'false' did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: Jan 26, 2018 8:01:11 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> > > Jan 26 20:01:11 idm1 server: WARNING:
[SetPropertiesRule]{Server/Service/Engine/Host} Setting property
'xmlNamespaceAware' to 'false' did not find a matching property.
> > > Jan 26 20:01:11 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_init]
> > > Jan 26 20:01:12 idm1 server: Jan 26, 2018 8:01:12 PM
org.apache.coyote.AbstractProtocol init
> > > Jan 26 20:01:12 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8080"]
> > > Jan 26 20:01:12 idm1 server: Jan 26, 2018 8:01:12 PM
org.apache.coyote.AbstractProtocol init
> > > Jan 26 20:01:12 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8443"]
> > > Jan 26 20:01:12 idm1 server: Error: SSL cipher
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> > > Jan 26 20:01:12 idm1 server: Error: SSL cipher
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> > > Jan 26 20:01:12 idm1 server: Jan 26, 2018 8:01:12 PM
org.apache.coyote.AbstractProtocol init
> > > Jan 26 20:01:12 idm1 server: INFO: Initializing ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> > > Jan 26 20:01:12 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_init]
> > > Jan 26 20:01:12 idm1 server: Jan 26, 2018 8:01:12 PM
org.apache.catalina.startup.Catalina load
> > > Jan 26 20:01:12 idm1 server: INFO: Initialization processed in 1363 ms
> > > Jan 26 20:01:12 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_start]
> > > Jan 26 20:01:12 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_start]
> > > Jan 26 20:01:12 idm1 ns-slapd: [26/Jan/2018:20:01:12.623763048 +0100] -
WARN - csngen_new_csn - Too much time skew (-416544 secs). Current seqnum=a
> > > Jan 26 20:01:12 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[start]
> > > Jan 26 20:01:12 idm1 server: Jan 26, 2018 8:01:12 PM
org.apache.catalina.core.StandardService startInternal
> > > Jan 26 20:01:12 idm1 server: INFO: Starting service Catalina
> > > Jan 26 20:01:12 idm1 server: Jan 26, 2018 8:01:12 PM
org.apache.catalina.core.StandardEngine startInternal
> > > Jan 26 20:01:12 idm1 server: INFO: Starting Servlet Engine: Apache
Tomcat/7.0.76
> > > Jan 26 20:01:12 idm1 server: Jan 26, 2018 8:01:12 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:01:12 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml
> > > Jan 26 20:01:12 idm1 ns-slapd: [26/Jan/2018:20:01:12.731562409 +0100] -
WARN - csngen_new_csn - Too much time skew (-416544 secs). Current seqnum=b
> > > Jan 26 20:01:12 idm1 server: SSLAuthenticatorWithFallback: Creating SSL
authenticator with fallback
> > > Jan 26 20:01:12 idm1 server: SSLAuthenticatorWithFallback: Setting
container
> > > Jan 26 20:01:13 idm1 ntpd[15429]: 0.0.0.0 c515 05 clock_sync
> > > Jan 26 20:01:15 idm1 server: Jan 26, 2018 8:01:15 PM
org.apache.catalina.startup.TldConfig execute
> > > Jan 26 20:01:15 idm1 server: INFO: At least one JAR was scanned for TLDs
yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs
that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning
can improve startup time and JSP compilation time.
> > > Jan 26 20:01:15 idm1 server: SSLAuthenticatorWithFallback: Initializing
authenticators
> > > Jan 26 20:01:15 idm1 server: SSLAuthenticatorWithFallback: Starting
authenticators
> > > Jan 26 20:01:15 idm1 server: CMSEngine.initializePasswordStore() begins
> > > Jan 26 20:01:15 idm1 server: CMSEngine.initializePasswordStore():
tag=internaldb
> > > Jan 26 20:01:15 idm1 server: CMSEngine.initializePasswordStore():
tag=replicationdb
> > > Jan 26 20:01:18 idm1 server: SelfTestSubsystem: Disabling "ca"
subsystem due to selftest failure.
> > > Jan 26 20:01:18 idm1 server: -----------------------
> > > Jan 26 20:01:18 idm1 server: Disabled "ca" subsystem
> > > Jan 26 20:01:18 idm1 server: -----------------------
> > > Jan 26 20:01:18 idm1 server: Subsystem ID: ca
> > > Jan 26 20:01:18 idm1 server: Instance ID: pki-tomcat
> > > Jan 26 20:01:18 idm1 server: Enabled: False
> > > Jan 26 20:01:18 idm1 server: Invalid class name repositorytop
> > > Jan 26 20:01:19 idm1 server: Invalid class name repositorytop
> > > Jan 26 20:01:19 idm1 server: at
com.netscape.cmscore.dbs.DBRegistry.createObject(DBRegistry.java:485)
> > > Jan 26 20:01:19 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:167)
> > > Jan 26 20:01:19 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:137)
> > > Jan 26 20:01:19 idm1 server: at
com.netscape.cmscore.dbs.Repository.getSerialNumber(Repository.java:125)
> > > Jan 26 20:01:19 idm1 server: at
com.netscape.cmscore.dbs.Repository.initCache(Repository.java:244)
> > > Jan 26 20:01:19 idm1 server: at
com.netscape.cmscore.dbs.Repository.checkRanges(Repository.java:460)
> > > Jan 26 20:01:19 idm1 server: at
com.netscape.cmscore.apps.CMSEngine.startup(CMSEngine.java:1378)
> > > Jan 26 20:01:19 idm1 server: at
com.netscape.certsrv.apps.CMS.startup(CMS.java:202)
> > > Jan 26 20:01:19 idm1 server: at
com.netscape.certsrv.apps.CMS.start(CMS.java:1632)
> > > Jan 26 20:01:19 idm1 server: at
com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:117)
> > > Jan 26 20:01:19 idm1 server: at
javax.servlet.GenericServlet.init(GenericServlet.java:158)
> > > Jan 26 20:01:19 idm1 server: at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > Jan 26 20:01:19 idm1 server: at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> > > Jan 26 20:01:19 idm1 server: at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > Jan 26 20:01:19 idm1 server: at
java.lang.reflect.Method.invoke(Method.java:498)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
> > > Jan 26 20:01:19 idm1 server: at
java.security.AccessController.doPrivileged(Native Method)
> > > Jan 26 20:01:19 idm1 server: at
javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1257)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1182)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1072)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5368)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5660)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
> > > Jan 26 20:01:19 idm1 server: at
java.security.AccessController.doPrivileged(Native Method)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
> > > Jan 26 20:01:19 idm1 server: at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
> > > Jan 26 20:01:19 idm1 server: at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> > > Jan 26 20:01:19 idm1 server: at
java.util.concurrent.FutureTask.run(FutureTask.java:266)
> > > Jan 26 20:01:19 idm1 server: at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> > > Jan 26 20:01:19 idm1 server: at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> > > Jan 26 20:01:19 idm1 server: at java.lang.Thread.run(Thread.java:748)
> > > Jan 26 20:01:19 idm1 server: Jan 26, 2018 8:01:19 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:01:19 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 6,698 ms
> > > Jan 26 20:01:19 idm1 server: Jan 26, 2018 8:01:19 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:01:19 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml
> > > Jan 26 20:01:20 idm1 server: Jan 26, 2018 8:01:20 PM
org.apache.catalina.startup.TldConfig execute
> > > Jan 26 20:01:20 idm1 server: INFO: At least one JAR was scanned for TLDs
yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs
that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning
can improve startup time and JSP compilation time.
> > > Jan 26 20:01:20 idm1 server: Jan 26, 2018 8:01:20 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:01:20 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml has finished in 857 ms
> > > Jan 26 20:01:20 idm1 server: Jan 26, 2018 8:01:20 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:01:20 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml
> > > Jan 26 20:01:21 idm1 server: Jan 26, 2018 8:01:21 PM
org.apache.catalina.startup.TldConfig execute
> > > Jan 26 20:01:21 idm1 server: INFO: At least one JAR was scanned for TLDs
yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs
that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning
can improve startup time and JSP compilation time.
> > > Jan 26 20:01:21 idm1 server: Jan 26, 2018 8:01:21 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:01:21 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml has finished in 1,161 ms
> > > Jan 26 20:01:21 idm1 server: Jan 26, 2018 8:01:21 PM
org.apache.coyote.AbstractProtocol start
> > > Jan 26 20:01:21 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8080"]
> > > Jan 26 20:01:21 idm1 server: Jan 26, 2018 8:01:21 PM
org.apache.coyote.AbstractProtocol start
> > > Jan 26 20:01:21 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8443"]
> > > Jan 26 20:01:21 idm1 server: Jan 26, 2018 8:01:21 PM
org.apache.coyote.AbstractProtocol start
> > > Jan 26 20:01:21 idm1 server: INFO: Starting ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> > > Jan 26 20:01:21 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_start]
> > > Jan 26 20:01:21 idm1 ntpd[15429]: 0.0.0.0 0613 03 spike_detect
+416608.985992 s
> > > Jan 26 20:01:21 idm1 server: PKIListener: Subsystem CA is disabled.
> > > Jan 26 20:01:21 idm1 server: PKIListener: Check
/var/log/pki/pki-tomcat/ca/selftests.log for possible errors.
> > > Jan 26 20:01:21 idm1 server: PKIListener: To enable the subsystem:
> > > Jan 26 20:01:21 idm1 server: PKIListener: pki-server subsystem-enable -i
pki-tomcat ca
> > > Jan 26 20:01:21 idm1 server: Jan 26, 2018 8:01:21 PM
org.apache.catalina.startup.Catalina start
> > > Jan 26 20:01:21 idm1 server: INFO: Server startup in 8856 ms
> > > Jan 26 20:01:23 idm1 ns-slapd: [26/Jan/2018:20:01:23.234040056 +0100] -
WARN - csngen_new_csn - Too much time skew (-416535 secs). Current seqnum=c
> > > Jan 26 20:01:31 idm1 ns-slapd: [26/Jan/2018:20:01:31.761653163 +0100] -
WARN - csngen_new_csn - Too much time skew (-416527 secs). Current seqnum=d
> > > Jan 26 20:01:31 idm1 ns-slapd: [26/Jan/2018:20:01:31.782442210 +0100] -
WARN - csngen_new_csn - Too much time skew (-416528 secs). Current seqnum=e
> > > Jan 26 20:01:31 idm1 server: Jan 26, 2018 8:01:31 PM
org.apache.catalina.startup.HostConfig undeploy
> > > Jan 26 20:01:31 idm1 server: INFO: Undeploying context [/ca]
> > > Jan 26 20:01:31 idm1 server: SSLAuthenticatorWithFallback: Stopping
authenticators
> > > Jan 26 20:01:31 idm1 server: Jan 26, 2018 8:01:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:01:31 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [LDAPConnThread-0 ldaps://idm1.XXXkd.fau.de:636] but has
failed to stop it. This is very likely to create a memory leak.
> > > Jan 26 20:01:31 idm1 server: Jan 26, 2018 8:01:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:01:31 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [LDAPConnThread-2 ldaps://idm1.XXXkd.fau.de:636] but has
failed to stop it. This is very likely to create a memory leak.
> > > Jan 26 20:01:31 idm1 server: Jan 26, 2018 8:01:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:01:31 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [authorityMonitor] but has failed to stop it. This is very
likely to create a memory leak.
> > > Jan 26 20:01:31 idm1 server: Jan 26, 2018 8:01:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:01:31 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [LDAPConnThread-3 ldaps://idm1.XXXkd.fau.de:636] but has
failed to stop it. This is very likely to create a memory leak.
> > > Jan 26 20:01:31 idm1 server: Jan 26, 2018 8:01:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:01:31 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [profileChangeMonitor] but has failed to stop it. This is very
likely to create a memory leak.
> > > Jan 26 20:01:31 idm1 server: SSLAuthenticatorWithFallback: Setting
container
> > > Jan 26 20:01:32 idm1 ns-slapd: [26/Jan/2018:20:01:32.298667463 +0100] -
WARN - csngen_new_csn - Too much time skew (-416529 secs). Current seqnum=f
> > > Jan 26 20:01:32 idm1 ns-slapd: [26/Jan/2018:20:01:32.678832654 +0100] -
WARN - csngen_new_csn - Too much time skew (-416530 secs). Current seqnum=10
> > > Jan 26 20:01:33 idm1 ns-slapd: [26/Jan/2018:20:01:33.028623160 +0100] -
WARN - csngen_new_csn - Too much time skew (-416530 secs). Current seqnum=11
> > > Jan 26 20:01:33 idm1 ns-slapd: [26/Jan/2018:20:01:33.048763804 +0100] -
WARN - csngen_new_csn - Too much time skew (-416531 secs). Current seqnum=12
> > > Jan 26 20:01:47 idm1 ns-slapd: [26/Jan/2018:20:01:47.701332510 +0100] -
WARN - csngen_new_csn - Too much time skew (-416517 secs). Current seqnum=13
> > > Jan 26 20:02:04 idm1 ns-slapd: [26/Jan/2018:20:02:04.380427048 +0100] -
WARN - csngen_new_csn - Too much time skew (-416502 secs). Current seqnum=14
> > > Jan 26 20:02:04 idm1 ns-slapd: [26/Jan/2018:20:02:04.405310477 +0100] -
WARN - csngen_new_csn - Too much time skew (-416503 secs). Current seqnum=15
> > > Jan 26 20:02:34 idm1 ns-slapd: [26/Jan/2018:20:02:34.796622396 +0100] -
WARN - csngen_new_csn - Too much time skew (-416473 secs). Current seqnum=16
> > > Jan 26 20:02:37 idm1 ns-slapd: [26/Jan/2018:20:02:37.454779669 +0100] -
WARN - csngen_new_csn - Too much time skew (-416472 secs). Current seqnum=17
> > > Jan 26 20:02:37 idm1 ns-slapd: [26/Jan/2018:20:02:37.476249201 +0100] -
WARN - csngen_new_csn - Too much time skew (-416473 secs). Current seqnum=18
> > > Jan 26 20:02:37 idm1 ns-slapd: [26/Jan/2018:20:02:37.517017269 +0100] -
WARN - csngen_new_csn - Too much time skew (-416474 secs). Current seqnum=19
> > > Jan 26 20:02:37 idm1 ns-slapd: [26/Jan/2018:20:02:37.539991754 +0100] -
WARN - csngen_new_csn - Too much time skew (-416475 secs). Current seqnum=1a
> > > Jan 26 20:02:48 idm1 systemd: Stopping Network Time Service...
> > > Jan 26 20:02:48 idm1 ntpd[15429]: ntpd exiting on signal 15
> > > Jan 26 20:02:48 idm1 systemd: Stopped Network Time Service.
> > > Jan 26 20:03:01 idm1 ns-slapd: [26/Jan/2018:20:03:01.034768459 +0100] -
WARN - csngen_new_csn - Too much time skew (-416452 secs). Current seqnum=1b
> > > Jan 26 20:03:01 idm1 ns-slapd: [26/Jan/2018:20:03:01.055043214 +0100] -
WARN - csngen_new_csn - Too much time skew (-416453 secs). Current seqnum=1c
> > > Jan 26 20:03:03 idm1 ns-slapd: [26/Jan/2018:20:03:03.375580834 +0100] -
WARN - csngen_new_csn - Too much time skew (-416452 secs). Current seqnum=1d
> > > Jan 26 20:03:03 idm1 ns-slapd: [26/Jan/2018:20:03:03.399395635 +0100] -
WARN - csngen_new_csn - Too much time skew (-416453 secs). Current seqnum=1e
> > > Jan 26 20:03:10 idm1 ns-slapd: [26/Jan/2018:20:03:10.279455298 +0100] -
WARN - csngen_new_csn - Too much time skew (-416447 secs). Current seqnum=1f
> > > Jan 26 20:03:10 idm1 ns-slapd: [26/Jan/2018:20:03:10.320874031 +0100] -
WARN - csngen_new_csn - Too much time skew (-416448 secs). Current seqnum=20
> > > Jan 26 20:03:45 idm1 systemd: Stopping Certificate monitoring and PKI
enrollment...
> > > Jan 26 20:03:45 idm1 systemd: Stopped Certificate monitoring and PKI
enrollment.
> > > Jan 26 20:03:56 idm1 systemd: Starting Certificate monitoring and PKI
enrollment...
> > > Jan 26 20:03:57 idm1 systemd: Started Certificate monitoring and PKI
enrollment.
> > > Jan 26 20:03:58 idm1 ns-slapd: [26/Jan/2018:20:03:58.111287110 +0100] -
WARN - csngen_new_csn - Too much time skew (-416401 secs). Current seqnum=21
> > > Jan 26 20:03:58 idm1 ns-slapd: [26/Jan/2018:20:03:58.390628999 +0100] -
WARN - csngen_new_csn - Too much time skew (-416402 secs). Current seqnum=22
> > > Jan 26 20:03:59 idm1 certmonger: Certificate named "ocspSigningCert
cert-pki-ca" in token "NSS Certificate DB" in database
"/etc/pki/pki-tomcat/alias" will not be valid after 20180129120044.
> > > Jan 26 20:03:59 idm1 certmonger: Certificate named "subsystemCert
cert-pki-ca" in token "NSS Certificate DB" in database
"/etc/pki/pki-tomcat/alias" will not be valid after 20180129120044.
> > > Jan 26 20:03:59 idm1 certmonger: Certificate in file
"/var/lib/ipa/ra-agent.pem" will not be valid after 20180129120111.
> > > Jan 26 20:04:01 idm1 ns-slapd: [26/Jan/2018:20:04:01.082324882 +0100] -
WARN - csngen_new_csn - Too much time skew (-416400 secs). Current seqnum=23
> > > Jan 26 20:04:06 idm1 ns-slapd: [26/Jan/2018:20:04:06.245845741 +0100] -
WARN - csngen_new_csn - Too much time skew (-416396 secs). Current seqnum=24
> > > Jan 26 20:04:17 idm1 ns-slapd: [26/Jan/2018:20:04:17.377907663 +0100] -
WARN - csngen_new_csn - Too much time skew (-416385 secs). Current seqnum=25
> > > Jan 26 20:04:32 idm1 ns-slapd: [26/Jan/2018:20:04:32.296003137 +0100] -
WARN - csngen_new_csn - Too much time skew (-416372 secs). Current seqnum=26
> > > Jan 26 20:04:32 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request
to dogtag-ipa-renew-agent
> > > Jan 26 20:04:32 idm1 dogtag-ipa-ca-renew-agent-submit:
dogtag-ipa-renew-agent returned 2
> > > Jan 26 20:04:42 idm1 ns-slapd: [26/Jan/2018:20:04:42.139493501 +0100] -
WARN - csngen_new_csn - Too much time skew (-416363 secs). Current seqnum=27
> > > Jan 26 20:04:42 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request
to dogtag-ipa-renew-agent
> > > Jan 26 20:04:42 idm1 dogtag-ipa-ca-renew-agent-submit:
dogtag-ipa-renew-agent returned 2
> > > Jan 26 20:04:52 idm1 ns-slapd: [26/Jan/2018:20:04:52.130303926 +0100] -
WARN - csngen_new_csn - Too much time skew (-416354 secs). Current seqnum=28
> > > Jan 26 20:04:52 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request
to dogtag-ipa-renew-agent
> > > Jan 26 20:04:52 idm1 dogtag-ipa-ca-renew-agent-submit:
dogtag-ipa-renew-agent returned 2
> > > Jan 26 20:05:15 idm1 systemd: Reloading.
> > > Jan 26 20:05:16 idm1 systemd: [/usr/lib/systemd/system/ip6tables.service:3]
Failed to add dependency on syslog.target,iptables.service, ignoring: Invalid argument
> > > Jan 26 20:06:08 idm1 ns-slapd: [26/Jan/2018:20:06:08.075349646 +0100] -
WARN - csngen_new_csn - Too much time skew (-416279 secs). Current seqnum=29
> > > Jan 26 20:06:08 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request
to dogtag-ipa-renew-agent
> > > Jan 26 20:06:08 idm1 dogtag-ipa-ca-renew-agent-submit:
dogtag-ipa-renew-agent returned 2
> > > Jan 26 20:06:10 idm1 systemd: Stopping Kerberos 5 KDC...
> > > Jan 26 20:06:10 idm1 systemd: Stopped Kerberos 5 KDC.
> > > Jan 26 20:06:10 idm1 systemd: Stopping Kerberos 5 Password-changing and
Administration...
> > > Jan 26 20:06:10 idm1 systemd: kadmin.service: main process exited,
code=exited, status=2/INVALIDARGUMENT
> > > Jan 26 20:06:10 idm1 systemd: Stopped Kerberos 5 Password-changing and
Administration.
> > > Jan 26 20:06:10 idm1 systemd: Unit kadmin.service entered failed state.
> > > Jan 26 20:06:10 idm1 systemd: kadmin.service failed.
> > > Jan 26 20:06:10 idm1 systemd: Stopping The Apache HTTP Server...
> > > Jan 26 20:06:43 idm1 systemd: Stopped The Apache HTTP Server.
> > > Jan 26 20:06:44 idm1 systemd: Stopping IPA Custodia Service...
> > > Jan 26 20:06:44 idm1 systemd: Stopped IPA Custodia Service.
> > > Jan 26 20:06:44 idm1 systemd: Stopped target PKI Tomcat Server.
> > > Jan 26 20:06:44 idm1 systemd: Stopping PKI Tomcat Server.
> > > Jan 26 20:06:44 idm1 systemd: Stopping PKI Tomcat Server pki-tomcat...
> > > Jan 26 20:06:44 idm1 systemd: Stopping Samba SMB Daemon...
> > > Jan 26 20:06:44 idm1 smbd[28030]: [2018/01/26 20:06:44.275355, 0]
../source3/rpc_server/lsasd.c:139(lsasd_sig_term_handler)
> > > Jan 26 20:06:44 idm1 smbd[28030]: termination signal
> > > Jan 26 20:06:44 idm1 systemd: Stopped Samba SMB Daemon.
> > > Jan 26 20:06:44 idm1 systemd: Stopping Samba Winbind Daemon...
> > > Jan 26 20:06:44 idm1 winbindd[28044]: [2018/01/26 20:06:44.476018, 0]
../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
> > > Jan 26 20:06:44 idm1 winbindd[28044]: Got sig[15] terminate (is_parent=1)
> > > Jan 26 20:06:44 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> > > Jan 26 20:06:44 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> > > Jan 26 20:06:44 idm1 server: main class used:
org.apache.catalina.startup.Bootstrap
> > > Jan 26 20:06:44 idm1 server: flags used:
-DRESTEASY_LIB=/usr/share/java/resteasy-base -Djava.library.path=/usr/lib64/nuxwdog-jni
> > > Jan 26 20:06:44 idm1 server: options used:
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> > > Jan 26 20:06:44 idm1 server: arguments used: stop
> > > Jan 26 20:06:44 idm1 winbindd[28045]: [2018/01/26 20:06:44.508730, 0]
../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
> > > Jan 26 20:06:44 idm1 systemd: Stopped Samba Winbind Daemon.
> > > Jan 26 20:06:44 idm1 winbindd[28045]: Got sig[15] terminate (is_parent=0)
> > > Jan 26 20:06:44 idm1 systemd: Closed ipa-otpd socket.
> > > Jan 26 20:06:44 idm1 systemd: Stopping ipa-otpd socket.
> > > Jan 26 20:06:44 idm1 systemd: Stopping 389 Directory Server
XXXKD-FAU-DE....
> > > Jan 26 20:06:44 idm1 ns-slapd: [26/Jan/2018:20:06:44.721155688 +0100] -
INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack
size 5 max work q size 2 max work q stack size 2
> > > Jan 26 20:06:44 idm1 ns-slapd: [26/Jan/2018:20:06:44.735943820 +0100] -
INFO - slapd_daemon - slapd shutting down - waiting for 18 threads to terminate
> > > Jan 26 20:06:44 idm1 ns-slapd: [26/Jan/2018:20:06:44.825965094 +0100] -
INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins
> > > Jan 26 20:06:45 idm1 ns-slapd: [26/Jan/2018:20:06:45.381054379 +0100] -
INFO - dblayer_pre_close - Waiting for 4 database threads to stop
> > > Jan 26 20:06:45 idm1 ns-slapd: [26/Jan/2018:20:06:45.927329520 +0100] -
INFO - dblayer_pre_close - All database threads now stopped
> > > Jan 26 20:06:46 idm1 ns-slapd: [26/Jan/2018:20:06:46.117991206 +0100] -
INFO - ldbm_back_instance_set_destructor - Set of instances destroyed
> > > Jan 26 20:06:46 idm1 ns-slapd: [26/Jan/2018:20:06:46.172299744 +0100] -
INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 2 work q stack
objects - freed 7 op stack objects
> > > Jan 26 20:06:46 idm1 server: Jan 26, 2018 8:06:46 PM
org.apache.catalina.startup.ClassLoaderFactory validateFile
> > > Jan 26 20:06:46 idm1 server: WARNING: Problem with JAR file
[/usr/share/pki/server/common/lib/symkey.jar], exists: [false], canRead: [false]
> > > Jan 26 20:06:46 idm1 ns-slapd: [26/Jan/2018:20:06:46.752180768 +0100] -
INFO - main - slapd stopped.
> > > Jan 26 20:06:47 idm1 systemd: Stopped 389 Directory Server XXXKD-FAU-DE..
> > > Jan 26 20:06:47 idm1 server: Jan 26, 2018 8:06:47 PM
org.apache.catalina.core.StandardServer await
> > > Jan 26 20:06:47 idm1 server: INFO: A valid shutdown command was received
via the shutdown port. Stopping the Server instance.
> > > Jan 26 20:06:47 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_stop]
> > > Jan 26 20:06:47 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[stop]
> > > Jan 26 20:06:47 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_stop]
> > > Jan 26 20:06:47 idm1 server: Jan 26, 2018 8:06:47 PM
org.apache.coyote.AbstractProtocol pause
> > > Jan 26 20:06:47 idm1 server: INFO: Pausing ProtocolHandler
["http-bio-8080"]
> > > Jan 26 20:06:47 idm1 server: Jan 26, 2018 8:06:47 PM
org.apache.coyote.AbstractProtocol pause
> > > Jan 26 20:06:47 idm1 server: INFO: Pausing ProtocolHandler
["http-bio-8443"]
> > > Jan 26 20:06:48 idm1 server: Jan 26, 2018 8:06:48 PM
org.apache.coyote.AbstractProtocol pause
> > > Jan 26 20:06:48 idm1 server: INFO: Pausing ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> > > Jan 26 20:06:48 idm1 systemd: Stopped PKI Tomcat Server pki-tomcat.
> > > Jan 26 20:07:15 idm1 systemd: Starting 389 Directory Server
XXXKD-FAU-DE....
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.478325959 +0100] -
WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need
to run systemd-tty-ask-password-agent to provide the password.
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.480593865 +0100] -
INFO - Security Initialization - SSL info: Enabling default cipher set.
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.481219973 +0100] -
INFO - Security Initialization - SSL info: Configured NSS Ciphers
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.481824600 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.482318301 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.482871806 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.483404678 +0100] -
INFO - Security Initialization - SSL info:
#011TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.483877775 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.484356724 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.485086617 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.485626013 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.486222706 +0100] -
INFO - Security Initialization - SSL info:
#011TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.486720917 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.487170422 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.487651590 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.488120831 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.488616154 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.489101124 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.489614588 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.490132278 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.490638790 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.491050535 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.491551374 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.491963122 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA: enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.492404036 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.492844912 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.493331259 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA: enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.493865506 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.494373239 +0100] -
INFO - Security Initialization - SSL info: #011TLS_AES_128_GCM_SHA256: enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.494856356 +0100] -
INFO - Security Initialization - SSL info: #011TLS_CHACHA20_POLY1305_SHA256: enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.495379801 +0100] -
INFO - Security Initialization - SSL info: #011TLS_AES_256_GCM_SHA384: enabled
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.504713771 +0100] -
INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min:
TLS1.0, max: TLS1.2
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.505720965 +0100] -
INFO - main - 389-Directory/1.3.6.1 B2018.025.1550 starting up
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.519359109 +0100] -
INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.522754168 +0100] -
WARN - default_mr_indexer_create - Plugin [caseIgnoreIA5Match] does not handle
caseExactIA5Match
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.527038258 +0100] -
INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.533380854 +0100] -
INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.539571019 +0100] -
NOTICE - ldbm_back_start - found 1532164k physical memory
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.540267898 +0100] -
NOTICE - ldbm_back_start - found 1210532k available
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.540903052 +0100] -
NOTICE - ldbm_back_start - cache autosizing: db cache: 61286k
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.541531113 +0100] -
NOTICE - ldbm_back_start - cache autosizing: userRoot entry cache (3 total): 65536k
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.543313364 +0100] -
NOTICE - ldbm_back_start - cache autosizing: ipaca entry cache (3 total): 65536k
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.544960676 +0100] -
NOTICE - ldbm_back_start - cache autosizing: changelog entry cache (3 total): 65536k
> > > Jan 26 20:07:16 idm1 ns-slapd: [26/Jan/2018:20:07:16.546649579 +0100] -
NOTICE - ldbm_back_start - total cache size: 282989821 B;
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.188126082 +0100] - ERR
- schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after
the server startup!
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.254545220 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.255636672 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=keys,cn=sec,cn=dns,dc=XXXkd,dc=fau,dc=de
does not exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.256464414 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.257250650 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.258164746 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.258863403 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=XXXkd,dc=fau,dc=de
does not exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.259511799 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.260127161 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.260803146 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.261498596 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.262204544 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.262929674 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.263636127 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.264272729 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.265176992 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.265924764 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.266565141 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.267196538 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.267799261 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.268432799 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.269320406 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.277180952 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.277931491 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.394597339 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=automember rebuild
membership,cn=tasks,cn=config does not exist
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.397664334 +0100] - ERR
- auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule
(invalid regex). Error "nothing to repeat".
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.398357312 +0100] - ERR
- auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule
(invalid regex). Error "nothing to repeat".
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.398994945 +0100] - ERR
- auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule
(invalid regex). Error "nothing to repeat".
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.437779220 +0100] - ERR
- set_krb5_creds - Could not get initial credentials for principal
[ldap/idm1.XXXkd.fau.de(a)XXXKD.FAU.DE] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228
(Cannot contact any KDC for requested realm)
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.450559118 +0100] - ERR
- schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds!
> > > Jan 26 20:07:17 idm1 ns-slapd: GSSAPI Error: Unspecified GSS failure.
Minor code may provide more information (No Kerberos credentials available (default cache:
/tmp/krb5cc_993))
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.457942893 +0100] -
INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP
requests
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.459144092 +0100] -
INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests
> > > Jan 26 20:07:17 idm1 ns-slapd: [26/Jan/2018:20:07:17.460493541 +0100] -
INFO - slapd_daemon - Listening on /var/run/slapd-XXXKD-FAU-DE.socket for LDAPI requests
> > > Jan 26 20:07:17 idm1 systemd: Started 389 Directory Server XXXKD-FAU-DE..
> > > Jan 26 20:07:17 idm1 systemd: Starting Kerberos 5 KDC...
> > > Jan 26 20:07:18 idm1 systemd: PID file /var/run/krb5kdc.pid not readable
(yet?) after start.
> > > Jan 26 20:07:18 idm1 systemd: Started Kerberos 5 KDC.
> > > Jan 26 20:07:18 idm1 systemd: Starting Kerberos 5 Password-changing and
Administration...
> > > Jan 26 20:07:18 idm1 systemd: Started Kerberos 5 Password-changing and
Administration.
> > > Jan 26 20:07:18 idm1 systemd: Starting The Apache HTTP Server...
> > > Jan 26 20:07:18 idm1 ipa-httpd-kdcproxy: ipa : INFO KDC proxy
enabled
> > > Jan 26 20:07:19 idm1 systemd: Started The Apache HTTP Server.
> > > Jan 26 20:07:19 idm1 systemd: Starting IPA Custodia Service...
> > > Jan 26 20:07:20 idm1 ipa-custodia: 2018-01-26 20:07:20 - server
- Serving on Unix socket /run/httpd/ipa-custodia.sock
> > > Jan 26 20:07:20 idm1 systemd: Started IPA Custodia Service.
> > > Jan 26 20:07:20 idm1 ns-slapd: [26/Jan/2018:20:07:20.562156820 +0100] -
WARN - csngen_new_csn - Too much time skew (-416207 secs). Current seqnum=2a
> > > Jan 26 20:07:20 idm1 systemd: Starting Network Time Service...
> > > Jan 26 20:07:20 idm1 ns-slapd: [26/Jan/2018:20:07:20.753895497 +0100] - ERR
- NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meToidm2.XXXkd.fau.de"
(idm2:389) - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials)
()
> > > Jan 26 20:07:20 idm1 ntpd[16369]: ntpd 4.2.6p5(a)1.2349-o Wed Apr 12 21:24:06
UTC 2017 (1)
> > > Jan 26 20:07:20 idm1 systemd: Started Network Time Service.
> > > Jan 26 20:07:20 idm1 ntpd[16370]: proto: precision = 0.087 usec
> > > Jan 26 20:07:20 idm1 ntpd[16370]: 0.0.0.0 c01d 0d kern kernel time sync
enabled
> > > Jan 26 20:07:20 idm1 ntpd[16370]: getaddrinfo:
"2001:638:a000:b201::/64" invalid host address, ignored
> > > Jan 26 20:07:20 idm1 ntpd[16370]: restrict: error in address
'2001:638:a000:b201::/64' on line 21. Ignoring...
> > > Jan 26 20:07:20 idm1 ntpd[16370]: Listen and drop on 0 v4wildcard 0.0.0.0
UDP 123
> > > Jan 26 20:07:20 idm1 systemd: Starting PKI Tomcat Server pki-tomcat...
> > > Jan 26 20:07:20 idm1 ntpd[16370]: Listen and drop on 1 v6wildcard :: UDP
123
> > > Jan 26 20:07:20 idm1 ntpd[16370]: Listen normally on 2 lo 127.0.0.1 UDP
123
> > > Jan 26 20:07:20 idm1 ntpd[16370]: Listen normally on 3 eth0 10.188.220.100
UDP 123
> > > Jan 26 20:07:20 idm1 ntpd[16370]: Listen normally on 4 lo ::1 UDP 123
> > > Jan 26 20:07:20 idm1 ntpd[16370]: Listen normally on 5 eth0
fe80::5054:ff:fe4e:b270 UDP 123
> > > Jan 26 20:07:20 idm1 ntpd[16370]: Listen normally on 6 eth0
2001:638:a000:b201::220:100 UDP 123
> > > Jan 26 20:07:20 idm1 ntpd[16370]: Listening on routing socket on fd #23 for
interface updates
> > > Jan 26 20:07:20 idm1 ntpd[16370]: 0.0.0.0 c016 06 restart
> > > Jan 26 20:07:20 idm1 ntpd[16370]: 0.0.0.0 c012 02 freq_set ntpd -11.506
PPM
> > > Jan 26 20:07:23 idm1 ns-slapd: [26/Jan/2018:20:07:23.040493392 +0100] - ERR
- schema-compat-plugin - Finished plugin initialization.
> > > Jan 26 20:07:23 idm1 pkidaemon: -----------------------
> > > Jan 26 20:07:23 idm1 pkidaemon: Banner is not installed
> > > Jan 26 20:07:23 idm1 pkidaemon: -----------------------
> > > Jan 26 20:07:23 idm1 pkidaemon: ----------------------
> > > Jan 26 20:07:23 idm1 pkidaemon: Enabled all subsystems
> > > Jan 26 20:07:23 idm1 pkidaemon: ----------------------
> > > Jan 26 20:07:23 idm1 systemd: Started PKI Tomcat Server pki-tomcat.
> > > Jan 26 20:07:23 idm1 systemd: Reached target PKI Tomcat Server.
> > > Jan 26 20:07:23 idm1 systemd: Starting PKI Tomcat Server.
> > > Jan 26 20:07:23 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> > > Jan 26 20:07:23 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> > > Jan 26 20:07:23 idm1 server: main class used:
org.apache.catalina.startup.Bootstrap
> > > Jan 26 20:07:23 idm1 server: flags used:
-DRESTEASY_LIB=/usr/share/java/resteasy-base -Djava.library.path=/usr/lib64/nuxwdog-jni
> > > Jan 26 20:07:23 idm1 server: options used:
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.security.manager
-Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy
> > > Jan 26 20:07:23 idm1 server: arguments used: start
> > > Jan 26 20:07:23 idm1 server: Jan 26, 2018 8:07:23 PM
org.apache.catalina.startup.ClassLoaderFactory validateFile
> > > Jan 26 20:07:23 idm1 server: WARNING: Problem with JAR file
[/usr/share/pki/server/common/lib/symkey.jar], exists: [false], canRead: [false]
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'enableOCSP' to
'false' did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderURL' to 'http://idm1.XXXkd.fau.de:9080/ca/ocsp' did not find
a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did not find
a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspCacheSize'
to '1000' did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMinCacheEntryDuration' to '60' did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMaxCacheEntryDuration' to '120' did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspTimeout' to
'10' did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'strictCiphers'
to 'true' did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslOptions' to
'ssl2=false,ssl3=false,tls=true' did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl2Ciphers' to
'-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5'
did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl3Ciphers' to
'-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'tlsCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeStream' to 'tls1_0:tls1_2' did not find a matching
property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeDatagram' to 'tls1_1:tls1_2' did not find a matching
property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslRangeCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_GCM_SHA256,+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256'
did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'serverCertNickFile' to '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf'
did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordFile'
to '/var/lib/pki/pki-tomcat/conf/password.conf' did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordClass'
to 'org.apache.tomcat.util.net.jss.PlainPasswordFile' did not find a matching
property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'certdbDir' to
'/var/lib/pki/pki-tomcat/alias' did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'xmlValidation'
to 'false' did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: Jan 26, 2018 8:07:24 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> > > Jan 26 20:07:24 idm1 server: WARNING:
[SetPropertiesRule]{Server/Service/Engine/Host} Setting property
'xmlNamespaceAware' to 'false' did not find a matching property.
> > > Jan 26 20:07:24 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_init]
> > > Jan 26 20:07:25 idm1 server: Jan 26, 2018 8:07:25 PM
org.apache.coyote.AbstractProtocol init
> > > Jan 26 20:07:25 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8080"]
> > > Jan 26 20:07:25 idm1 server: Jan 26, 2018 8:07:25 PM
org.apache.coyote.AbstractProtocol init
> > > Jan 26 20:07:25 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8443"]
> > > Jan 26 20:07:25 idm1 server: Error: SSL cipher
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> > > Jan 26 20:07:25 idm1 server: Error: SSL cipher
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> > > Jan 26 20:07:25 idm1 server: Jan 26, 2018 8:07:25 PM
org.apache.coyote.AbstractProtocol init
> > > Jan 26 20:07:25 idm1 server: INFO: Initializing ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> > > Jan 26 20:07:25 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_init]
> > > Jan 26 20:07:25 idm1 server: Jan 26, 2018 8:07:25 PM
org.apache.catalina.startup.Catalina load
> > > Jan 26 20:07:25 idm1 server: INFO: Initialization processed in 1535 ms
> > > Jan 26 20:07:25 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_start]
> > > Jan 26 20:07:25 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_start]
> > > Jan 26 20:07:25 idm1 ntpd[16370]: 0.0.0.0 c515 05 clock_sync
> > > Jan 26 20:07:25 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[start]
> > > Jan 26 20:07:25 idm1 server: Jan 26, 2018 8:07:25 PM
org.apache.catalina.core.StandardService startInternal
> > > Jan 26 20:07:25 idm1 server: INFO: Starting service Catalina
> > > Jan 26 20:07:25 idm1 server: Jan 26, 2018 8:07:25 PM
org.apache.catalina.core.StandardEngine startInternal
> > > Jan 26 20:07:25 idm1 server: INFO: Starting Servlet Engine: Apache
Tomcat/7.0.76
> > > Jan 26 20:07:25 idm1 server: Jan 26, 2018 8:07:25 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:07:25 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml
> > > Jan 26 20:07:25 idm1 server: SSLAuthenticatorWithFallback: Creating SSL
authenticator with fallback
> > > Jan 26 20:07:25 idm1 server: SSLAuthenticatorWithFallback: Setting
container
> > > Jan 26 20:07:26 idm1 ns-slapd: [26/Jan/2018:20:07:26.811402672 +0100] -
WARN - csngen_new_csn - Too much time skew (-416202 secs). Current seqnum=2b
> > > Jan 26 20:07:27 idm1 server: Jan 26, 2018 8:07:27 PM
org.apache.catalina.startup.TldConfig execute
> > > Jan 26 20:07:27 idm1 server: INFO: At least one JAR was scanned for TLDs
yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs
that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning
can improve startup time and JSP compilation time.
> > > Jan 26 20:07:27 idm1 server: SSLAuthenticatorWithFallback: Initializing
authenticators
> > > Jan 26 20:07:27 idm1 server: SSLAuthenticatorWithFallback: Starting
authenticators
> > > Jan 26 20:07:28 idm1 server: CMSEngine.initializePasswordStore() begins
> > > Jan 26 20:07:28 idm1 server: CMSEngine.initializePasswordStore():
tag=internaldb
> > > Jan 26 20:07:28 idm1 server: CMSEngine.initializePasswordStore():
tag=replicationdb
> > > Jan 26 20:07:30 idm1 server: SelfTestSubsystem: Disabling "ca"
subsystem due to selftest failure.
> > > Jan 26 20:07:31 idm1 server: -----------------------
> > > Jan 26 20:07:31 idm1 server: Disabled "ca" subsystem
> > > Jan 26 20:07:31 idm1 server: -----------------------
> > > Jan 26 20:07:31 idm1 server: Subsystem ID: ca
> > > Jan 26 20:07:31 idm1 server: Instance ID: pki-tomcat
> > > Jan 26 20:07:31 idm1 server: Enabled: False
> > > Jan 26 20:07:31 idm1 server: Invalid class name repositorytop
> > > Jan 26 20:07:31 idm1 server: Invalid class name repositorytop
> > > Jan 26 20:07:31 idm1 server: at
com.netscape.cmscore.dbs.DBRegistry.createObject(DBRegistry.java:485)
> > > Jan 26 20:07:31 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:167)
> > > Jan 26 20:07:31 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:137)
> > > Jan 26 20:07:31 idm1 server: at
com.netscape.cmscore.dbs.Repository.getSerialNumber(Repository.java:125)
> > > Jan 26 20:07:31 idm1 server: at
com.netscape.cmscore.dbs.Repository.initCache(Repository.java:244)
> > > Jan 26 20:07:31 idm1 server: at
com.netscape.cmscore.dbs.Repository.checkRanges(Repository.java:460)
> > > Jan 26 20:07:31 idm1 server: at
com.netscape.cmscore.apps.CMSEngine.startup(CMSEngine.java:1378)
> > > Jan 26 20:07:31 idm1 server: at
com.netscape.certsrv.apps.CMS.startup(CMS.java:202)
> > > Jan 26 20:07:31 idm1 server: at
com.netscape.certsrv.apps.CMS.start(CMS.java:1632)
> > > Jan 26 20:07:31 idm1 server: at
com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:117)
> > > Jan 26 20:07:31 idm1 server: at
javax.servlet.GenericServlet.init(GenericServlet.java:158)
> > > Jan 26 20:07:31 idm1 server: at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > Jan 26 20:07:31 idm1 server: at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> > > Jan 26 20:07:31 idm1 server: at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > Jan 26 20:07:31 idm1 server: at
java.lang.reflect.Method.invoke(Method.java:498)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
> > > Jan 26 20:07:31 idm1 server: at
java.security.AccessController.doPrivileged(Native Method)
> > > Jan 26 20:07:31 idm1 server: at
javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1257)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1182)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1072)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5368)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5660)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
> > > Jan 26 20:07:31 idm1 server: at
java.security.AccessController.doPrivileged(Native Method)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
> > > Jan 26 20:07:31 idm1 server: at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
> > > Jan 26 20:07:31 idm1 server: at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> > > Jan 26 20:07:31 idm1 server: at
java.util.concurrent.FutureTask.run(FutureTask.java:266)
> > > Jan 26 20:07:31 idm1 server: at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> > > Jan 26 20:07:31 idm1 server: at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> > > Jan 26 20:07:31 idm1 server: at java.lang.Thread.run(Thread.java:748)
> > > Jan 26 20:07:31 idm1 server: Jan 26, 2018 8:07:31 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:07:31 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 5,520 ms
> > > Jan 26 20:07:31 idm1 server: Jan 26, 2018 8:07:31 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:07:31 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml
> > > Jan 26 20:07:32 idm1 server: Jan 26, 2018 8:07:32 PM
org.apache.catalina.startup.TldConfig execute
> > > Jan 26 20:07:32 idm1 server: INFO: At least one JAR was scanned for TLDs
yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs
that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning
can improve startup time and JSP compilation time.
> > > Jan 26 20:07:32 idm1 server: Jan 26, 2018 8:07:32 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:07:32 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml has finished in 790 ms
> > > Jan 26 20:07:32 idm1 server: Jan 26, 2018 8:07:32 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:07:32 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml
> > > Jan 26 20:07:33 idm1 server: Jan 26, 2018 8:07:33 PM
org.apache.catalina.startup.TldConfig execute
> > > Jan 26 20:07:33 idm1 server: INFO: At least one JAR was scanned for TLDs
yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs
that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning
can improve startup time and JSP compilation time.
> > > Jan 26 20:07:33 idm1 server: Jan 26, 2018 8:07:33 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:07:33 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml has finished in 1,064 ms
> > > Jan 26 20:07:33 idm1 server: Jan 26, 2018 8:07:33 PM
org.apache.coyote.AbstractProtocol start
> > > Jan 26 20:07:33 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8080"]
> > > Jan 26 20:07:33 idm1 server: Jan 26, 2018 8:07:33 PM
org.apache.coyote.AbstractProtocol start
> > > Jan 26 20:07:33 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8443"]
> > > Jan 26 20:07:33 idm1 server: Jan 26, 2018 8:07:33 PM
org.apache.coyote.AbstractProtocol start
> > > Jan 26 20:07:33 idm1 server: INFO: Starting ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> > > Jan 26 20:07:33 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_start]
> > > Jan 26 20:07:33 idm1 server: PKIListener: Subsystem CA is disabled.
> > > Jan 26 20:07:33 idm1 server: PKIListener: Check
/var/log/pki/pki-tomcat/ca/selftests.log for possible errors.
> > > Jan 26 20:07:33 idm1 server: PKIListener: To enable the subsystem:
> > > Jan 26 20:07:33 idm1 server: PKIListener: pki-server subsystem-enable -i
pki-tomcat ca
> > > Jan 26 20:07:33 idm1 server: Jan 26, 2018 8:07:33 PM
org.apache.catalina.startup.Catalina start
> > > Jan 26 20:07:33 idm1 server: INFO: Server startup in 7515 ms
> > > Jan 26 20:07:39 idm1 ns-slapd: [26/Jan/2018:20:07:39.035843722 +0100] -
WARN - csngen_new_csn - Too much time skew (-416191 secs). Current seqnum=2c
> > > Jan 26 20:07:43 idm1 server: Jan 26, 2018 8:07:43 PM
org.apache.catalina.startup.HostConfig undeploy
> > > Jan 26 20:07:43 idm1 server: INFO: Undeploying context [/ca]
> > > Jan 26 20:07:43 idm1 server: SSLAuthenticatorWithFallback: Stopping
authenticators
> > > Jan 26 20:07:43 idm1 server: Jan 26, 2018 8:07:43 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:07:43 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [LDAPConnThread-0 ldaps://idm1.XXXkd.fau.de:636] but has
failed to stop it. This is very likely to create a memory leak.
> > > Jan 26 20:07:43 idm1 server: Jan 26, 2018 8:07:43 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:07:43 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [LDAPConnThread-2 ldaps://idm1.XXXkd.fau.de:636] but has
failed to stop it. This is very likely to create a memory leak.
> > > Jan 26 20:07:43 idm1 server: Jan 26, 2018 8:07:43 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:07:43 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [authorityMonitor] but has failed to stop it. This is very
likely to create a memory leak.
> > > Jan 26 20:07:43 idm1 server: Jan 26, 2018 8:07:43 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:07:43 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [LDAPConnThread-3 ldaps://idm1.XXXkd.fau.de:636] but has
failed to stop it. This is very likely to create a memory leak.
> > > Jan 26 20:07:43 idm1 server: Jan 26, 2018 8:07:43 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:07:43 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [profileChangeMonitor] but has failed to stop it. This is very
likely to create a memory leak.
> > > Jan 26 20:07:43 idm1 server: SSLAuthenticatorWithFallback: Setting
container
> > > Jan 26 20:07:47 idm1 ns-slapd: [26/Jan/2018:20:07:47.844329850 +0100] -
WARN - csngen_new_csn - Too much time skew (-416183 secs). Current seqnum=2d
> > >
> > > Jan 26 20:08:09 idm1 ns-slapd: [26/Jan/2018:20:08:09.059172306 +0100] -
WARN - csngen_new_csn - Too much time skew (-416174 secs). Current seqnum=1
> > > Jan 26 20:08:27 idm1 ntpd[16370]: ntpd exiting on signal 15
> > > Jan 26 20:08:27 idm1 systemd: Stopping Network Time Service...
> > > Jan 26 20:08:27 idm1 systemd: Stopped Network Time Service.
> > > Jan 26 20:08:49 idm1 ns-slapd: [26/Jan/2018:20:08:49.052101605 +0100] -
WARN - csngen_new_csn - Too much time skew (-416135 secs). Current seqnum=1
> > > Jan 26 20:08:49 idm1 ns-slapd: [26/Jan/2018:20:08:49.075642776 +0100] -
WARN - csngen_new_csn - Too much time skew (-416136 secs). Current seqnum=1
> > > Jan 26 20:08:51 idm1 ns-slapd: [26/Jan/2018:20:08:51.298345097 +0100] -
WARN - csngen_new_csn - Too much time skew (-416135 secs). Current seqnum=1
> > > Jan 26 20:09:25 idm1 ns-slapd: [26/Jan/2018:20:09:25.093696262 +0100] -
WARN - csngen_new_csn - Too much time skew (-416102 secs). Current seqnum=1
> > > Jan 26 20:09:25 idm1 ns-slapd: [26/Jan/2018:20:09:25.115607333 +0100] -
WARN - csngen_new_csn - Too much time skew (-416103 secs). Current seqnum=1
> > > Jan 26 20:10:27 idm1 ns-slapd: [26/Jan/2018:20:10:27.371866302 +0100] -
WARN - csngen_new_csn - Too much time skew (-416042 secs). Current seqnum=1
> > > Jan 26 20:11:11 idm1 ns-slapd: [26/Jan/2018:20:11:11.185235999 +0100] -
WARN - csngen_new_csn - Too much time skew (-415999 secs). Current seqnum=1
> > > Jan 26 20:12:24 idm1 systemd: Starting Samba SMB Daemon...
> > > Jan 26 20:12:24 idm1 smbd[16684]: GSSAPI Error: Unspecified GSS failure.
Minor code may provide more information (Ticket not yet valid)
> > > Jan 26 20:12:24 idm1 ns-slapd: [26/Jan/2018:20:12:24.338023606 +0100] -
WARN - csngen_new_csn - Too much time skew (-415927 secs). Current seqnum=1
> > > Jan 26 20:12:24 idm1 ns-slapd: [26/Jan/2018:20:12:24.492918154 +0100] -
WARN - csngen_new_csn - Too much time skew (-415928 secs). Current seqnum=1
> > > Jan 26 20:12:24 idm1 smbd[16684]: [2018/01/26 20:12:24.644663, 0]
../lib/util/become_daemon.c:124(daemon_ready)
> > > Jan 26 20:12:24 idm1 systemd: Started Samba SMB Daemon.
> > > Jan 26 20:12:24 idm1 smbd[16684]: STATUS=daemon 'smbd' finished
starting up and ready to serve connections
> > > Jan 26 20:12:24 idm1 systemd: Starting Samba Winbind Daemon...
> > > Jan 26 20:12:24 idm1 winbindd[16702]: [2018/01/26 20:12:24.744499, 0]
../source3/winbindd/winbindd_cache.c:3171(initialize_winbindd_cache)
> > > Jan 26 20:12:24 idm1 systemd: winbind.service: Supervising process 16702
which is not our child. We'll most likely not notice when it exits.
> > > Jan 26 20:12:24 idm1 winbindd[16702]: initialize_winbindd_cache: clearing
cache and re-creating with version number 2
> > > Jan 26 20:12:24 idm1 winbindd[16702]: [2018/01/26 20:12:24.788607, 0]
../lib/util/become_daemon.c:124(daemon_ready)
> > > Jan 26 20:12:24 idm1 systemd: Started Samba Winbind Daemon.
> > > Jan 26 20:12:24 idm1 winbindd[16702]: STATUS=daemon 'winbindd'
finished starting up and ready to serve connections
> > > Jan 26 20:12:24 idm1 systemd: Listening on ipa-otpd socket.
> > > Jan 26 20:12:24 idm1 systemd: Starting ipa-otpd socket.
> > > Jan 26 20:12:24 idm1 ns-slapd: [26/Jan/2018:20:12:24.835355417 +0100] -
WARN - csngen_new_csn - Too much time skew (-415928 secs). Current seqnum=1
> > >
> > > Jan 26 20:16:36 idm1 ns-slapd: [26/Jan/2018:20:16:36.642664215 +0100] -
WARN - csngen_new_csn - Too much time skew (-415688 secs). Current seqnum=1
> > > Jan 26 20:16:36 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request
to dogtag-ipa-renew-agent
> > > Jan 26 20:16:37 idm1 dogtag-ipa-ca-renew-agent-submit:
dogtag-ipa-renew-agent returned 2
> > > Jan 26 20:17:24 idm1 ns-slapd: [26/Jan/2018:20:17:24.820564227 +0100] -
WARN - csngen_new_csn - Too much time skew (-415641 secs). Current seqnum=1
> > > Jan 26 20:17:37 idm1 ns-slapd: [26/Jan/2018:20:17:37.625304230 +0100] -
WARN - csngen_new_csn - Too much time skew (-415629 secs). Current seqnum=1
> > > Jan 26 20:17:37 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request
to dogtag-ipa-renew-agent
> > > Jan 26 20:17:37 idm1 dogtag-ipa-ca-renew-agent-submit:
dogtag-ipa-renew-agent returned 2
> > > Jan 26 20:18:01 idm1 logrotate: ALERT exited abnormally with [1]
> > > Jan 26 20:18:38 idm1 ns-slapd: [26/Jan/2018:20:18:38.792663979 +0100] -
WARN - csngen_new_csn - Too much time skew (-415569 secs). Current seqnum=1
> > > Jan 26 20:22:24 idm1 ns-slapd: [26/Jan/2018:20:22:24.817110632 +0100] -
WARN - csngen_new_csn - Too much time skew (-415344 secs). Current seqnum=1
> > >
> > > Jan 26 20:23:59 idm1 dogtag-ipa-ca-renew-agent-submit: Forwarding request
to dogtag-ipa-renew-agent
> > > Jan 26 20:23:59 idm1 dogtag-ipa-ca-renew-agent-submit:
dogtag-ipa-renew-agent returned 2
> > > Jan 26 20:24:45 idm1 stop_pkicad: Stopping pki_tomcatd
> > > Jan 26 20:24:45 idm1 systemd: Stopping PKI Tomcat Server pki-tomcat...
> > > Jan 26 20:24:45 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> > > Jan 26 20:24:45 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> > > Jan 26 20:24:45 idm1 server: main class used:
org.apache.catalina.startup.Bootstrap
> > > Jan 26 20:24:45 idm1 server: flags used:
-DRESTEASY_LIB=/usr/share/java/resteasy-base -Djava.library.path=/usr/lib64/nuxwdog-jni
> > > Jan 26 20:24:45 idm1 server: options used:
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> > > Jan 26 20:24:45 idm1 server: arguments used: stop
> > > Jan 26 20:24:45 idm1 server: Jan 26, 2018 8:24:45 PM
org.apache.catalina.startup.ClassLoaderFactory validateFile
> > > Jan 26 20:24:45 idm1 server: WARNING: Problem with JAR file
[/usr/share/pki/server/common/lib/symkey.jar], exists: [false], canRead: [false]
> > > Jan 26 20:24:46 idm1 server: Jan 26, 2018 8:24:46 PM
org.apache.catalina.core.StandardServer await
> > > Jan 26 20:24:46 idm1 server: INFO: A valid shutdown command was received
via the shutdown port. Stopping the Server instance.
> > > Jan 26 20:24:46 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_stop]
> > > Jan 26 20:24:46 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[stop]
> > > Jan 26 20:24:46 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_stop]
> > > Jan 26 20:24:46 idm1 server: Jan 26, 2018 8:24:46 PM
org.apache.coyote.AbstractProtocol pause
> > > Jan 26 20:24:46 idm1 server: INFO: Pausing ProtocolHandler
["http-bio-8080"]
> > > Jan 26 20:24:46 idm1 systemd: Stopped PKI Tomcat Server pki-tomcat.
> > > Jan 26 20:24:46 idm1 stop_pkicad: Stopped pki_tomcatd
> > > Jan 26 20:27:24 idm1 ns-slapd: [26/Jan/2018:20:27:24.817184276 +0100] -
WARN - csngen_new_csn - Too much time skew (-415053 secs). Current seqnum=1
> > > Jan 26 20:28:39 idm1 ns-slapd: [26/Jan/2018:20:28:39.388139879 +0100] -
WARN - csngen_new_csn - Too much time skew (-414980 secs). Current seqnum=1
> > > Jan 26 20:28:45 idm1 systemd: Reloading.
> > > Jan 26 20:28:45 idm1 systemd: [/usr/lib/systemd/system/ip6tables.service:3]
Failed to add dependency on syslog.target,iptables.service, ignoring: Invalid argument
> > > Jan 26 20:28:45 idm1 yum[17021]: Installed:
pki-server-10.4.1-17.el7_4.noarch
> > >
> > > Jan 26 20:30:09 idm1 yum[17100]: Installed:
pki-symkey-10.4.1-17.el7_4.x86_64
> > > Jan 26 20:30:10 idm1 ns-slapd: [26/Jan/2018:20:30:10.056412100 +0100] -
WARN - csngen_new_csn - Too much time skew (-414902 secs). Current seqnum=1
> > > Jan 26 20:30:10 idm1 ns-slapd: [26/Jan/2018:20:30:10.112492509 +0100] -
WARN - csngen_new_csn - Too much time skew (-414903 secs). Current seqnum=1
> > > Jan 26 20:30:36 idm1 systemd: Stopping Certificate monitoring and PKI
enrollment...
> > > Jan 26 20:30:36 idm1 systemd: Starting Certificate monitoring and PKI
enrollment...
> > > Jan 26 20:30:36 idm1 systemd: Started Certificate monitoring and PKI
enrollment.
> > > Jan 26 20:30:51 idm1 ns-slapd: [26/Jan/2018:20:30:51.459575928 +0100] -
WARN - csngen_new_csn - Too much time skew (-414862 secs). Current seqnum=1
> > > Jan 26 20:30:53 idm1 ns-slapd: [26/Jan/2018:20:30:53.004542140 +0100] -
WARN - csngen_new_csn - Too much time skew (-414862 secs). Current seqnum=1
> > >
> > > Jan 26 20:32:53 idm1 ns-slapd: [26/Jan/2018:20:32:53.104794576 +0100] -
WARN - csngen_new_csn - Too much time skew (-414747 secs). Current seqnum=1
> > > Jan 26 20:33:38 idm1 ns-slapd: [26/Jan/2018:20:33:38.708156346 +0100] -
WARN - csngen_new_csn - Too much time skew (-414702 secs). Current seqnum=1
> > > Jan 26 20:35:26 idm1 systemd: Starting PKI Tomcat Server tomcatd...
> > > Jan 26 20:35:27 idm1 pkidaemon: tomcatd is an invalid 'tomcat'
instance
> > > Jan 26 20:35:27 idm1 systemd: pki-tomcatd(a)tomcatd.service: control process
exited, code=exited status=5
> > > Jan 26 20:35:27 idm1 systemd: Failed to start PKI Tomcat Server tomcatd.
> > > Jan 26 20:35:27 idm1 systemd: Unit pki-tomcatd(a)tomcatd.service entered
failed state.
> > > Jan 26 20:35:27 idm1 systemd: pki-tomcatd(a)tomcatd.service failed.
> > > Jan 26 20:38:15 idm1 systemd: Stopping Certificate monitoring and PKI
enrollment...
> > > Jan 26 20:38:15 idm1 systemd: Starting Certificate monitoring and PKI
enrollment...
> > > Jan 26 20:38:16 idm1 systemd: Started Certificate monitoring and PKI
enrollment.
> > >
> > > Jan 26 20:38:50 idm1 systemd: Stopped target PKI Tomcat Server.
> > > Jan 26 20:38:50 idm1 systemd: Stopping PKI Tomcat Server.
> > > Jan 26 20:38:50 idm1 systemd: Stopping 389 Directory Server
XXXKD-FAU-DE....
> > > Jan 26 20:38:50 idm1 ns-slapd: [26/Jan/2018:20:38:50.930128624 +0100] -
INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack
size 7 max work q size 3 max work q stack size 3
> > > Jan 26 20:38:50 idm1 ns-slapd: [26/Jan/2018:20:38:50.938738333 +0100] -
INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins
> > > Jan 26 20:38:51 idm1 ns-slapd: [26/Jan/2018:20:38:51.491982395 +0100] -
INFO - dblayer_pre_close - Waiting for 4 database threads to stop
> > > Jan 26 20:38:52 idm1 ns-slapd: [26/Jan/2018:20:38:52.643000430 +0100] -
INFO - dblayer_pre_close - All database threads now stopped
> > > Jan 26 20:38:52 idm1 ns-slapd: [26/Jan/2018:20:38:52.843193691 +0100] -
INFO - ldbm_back_instance_set_destructor - Set of instances destroyed
> > > Jan 26 20:38:52 idm1 ns-slapd: [26/Jan/2018:20:38:52.845431711 +0100] -
INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 3 work q stack
objects - freed 7 op stack objects
> > > Jan 26 20:38:52 idm1 ns-slapd: [26/Jan/2018:20:38:52.949112608 +0100] -
INFO - main - slapd stopped.
> > > Jan 26 20:38:53 idm1 systemd: Starting 389 Directory Server
XXXKD-FAU-DE....
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.798684376 +0100] -
WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need
to run systemd-tty-ask-password-agent to provide the password.
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.802136681 +0100] -
INFO - Security Initialization - SSL info: Enabling default cipher set.
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.803482731 +0100] -
INFO - Security Initialization - SSL info: Configured NSS Ciphers
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.804571447 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.805584219 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.806587975 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.807433596 +0100] -
INFO - Security Initialization - SSL info:
#011TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.808344028 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.809263480 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.810258405 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.811278159 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.812279895 +0100] -
INFO - Security Initialization - SSL info:
#011TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.813211722 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.814155963 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.815027810 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.815884935 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.816664023 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.817588461 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.820002292 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.820921200 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.821848282 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.822790429 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.823796031 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.824792858 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA: enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.825834646 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.826645719 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.827439967 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA: enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.828388576 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.829379262 +0100] -
INFO - Security Initialization - SSL info: #011TLS_AES_128_GCM_SHA256: enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.830270347 +0100] -
INFO - Security Initialization - SSL info: #011TLS_CHACHA20_POLY1305_SHA256: enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.831112791 +0100] -
INFO - Security Initialization - SSL info: #011TLS_AES_256_GCM_SHA384: enabled
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.842425631 +0100] -
INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min:
TLS1.0, max: TLS1.2
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.844467130 +0100] -
INFO - main - 389-Directory/1.3.6.1 B2018.025.1550 starting up
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.862148344 +0100] -
INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.866723860 +0100] -
WARN - default_mr_indexer_create - Plugin [caseIgnoreIA5Match] does not handle
caseExactIA5Match
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.872029440 +0100] -
INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.880396494 +0100] -
INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.887683843 +0100] -
NOTICE - ldbm_back_start - found 1532164k physical memory
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.889387846 +0100] -
NOTICE - ldbm_back_start - found 957616k available
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.890401127 +0100] -
NOTICE - ldbm_back_start - cache autosizing: db cache: 61286k
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.891282794 +0100] -
NOTICE - ldbm_back_start - cache autosizing: userRoot entry cache (3 total): 65536k
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.893673995 +0100] -
NOTICE - ldbm_back_start - cache autosizing: ipaca entry cache (3 total): 65536k
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.896279383 +0100] -
NOTICE - ldbm_back_start - cache autosizing: changelog entry cache (3 total): 65536k
> > > Jan 26 20:38:54 idm1 ns-slapd: [26/Jan/2018:20:38:54.899099347 +0100] -
NOTICE - ldbm_back_start - total cache size: 282989821 B;
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.288606109 +0100] - ERR
- schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after
the server startup!
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.356204866 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.357475508 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=keys,cn=sec,cn=dns,dc=XXXkd,dc=fau,dc=de
does not exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.358533489 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.359655614 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.360824909 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.361929056 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=XXXkd,dc=fau,dc=de
does not exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.362916495 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.363933986 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.364863852 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.365773801 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.366715005 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.367657233 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.368620393 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.369654121 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.370568017 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.371627613 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.372549625 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.373548074 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.374515489 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.375468905 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.376417537 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.384105365 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.385229794 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.489142376 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=automember rebuild
membership,cn=tasks,cn=config does not exist
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.492165481 +0100] - ERR
- auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule
(invalid regex). Error "nothing to repeat".
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.493230810 +0100] - ERR
- auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule
(invalid regex). Error "nothing to repeat".
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.494325526 +0100] - ERR
- auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule
(invalid regex). Error "nothing to repeat".
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.533752266 +0100] - ERR
- schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds!
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.538206222 +0100] - ERR
- set_krb5_creds - Could not get initial credentials for principal
[ldap/idm1.XXXkd.fau.de(a)XXXKD.FAU.DE] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328324
(Generic error (see e-text))
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.542196033 +0100] -
INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP
requests
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.550911263 +0100] -
INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests
> > > Jan 26 20:38:55 idm1 ns-slapd: GSSAPI Error: Unspecified GSS failure.
Minor code may provide more information (No Kerberos credentials available (default cache:
/tmp/krb5cc_993))
> > > Jan 26 20:38:55 idm1 ns-slapd: [26/Jan/2018:20:38:55.552234132 +0100] -
INFO - slapd_daemon - Listening on /var/run/slapd-XXXKD-FAU-DE.socket for LDAPI requests
> > > Jan 26 20:38:55 idm1 systemd: Started 389 Directory Server XXXKD-FAU-DE..
> > > Jan 26 20:38:55 idm1 systemd: Stopping Kerberos 5 KDC...
> > > Jan 26 20:38:55 idm1 systemd: Starting Kerberos 5 KDC...
> > > Jan 26 20:38:55 idm1 systemd: PID file /var/run/krb5kdc.pid not readable
(yet?) after start.
> > > Jan 26 20:38:55 idm1 systemd: Started Kerberos 5 KDC.
> > > Jan 26 20:38:55 idm1 systemd: Stopping Kerberos 5 Password-changing and
Administration...
> > > Jan 26 20:38:55 idm1 systemd: kadmin.service: main process exited,
code=exited, status=2/INVALIDARGUMENT
> > > Jan 26 20:38:55 idm1 systemd: Unit kadmin.service entered failed state.
> > > Jan 26 20:38:55 idm1 systemd: kadmin.service failed.
> > > Jan 26 20:38:55 idm1 systemd: Starting Kerberos 5 Password-changing and
Administration...
> > > Jan 26 20:38:56 idm1 systemd: Started Kerberos 5 Password-changing and
Administration.
> > > Jan 26 20:38:56 idm1 systemd: Stopping The Apache HTTP Server...
> > > Jan 26 20:38:58 idm1 ns-slapd: [26/Jan/2018:20:38:58.564805340 +0100] -
WARN - csngen_new_csn - Too much time skew (-414396 secs). Current seqnum=1
> > > Jan 26 20:38:58 idm1 ns-slapd: [26/Jan/2018:20:38:58.641081747 +0100] - ERR
- NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meToidm2.XXXkd.fau.de"
(idm2:389) - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials)
()
> > > Jan 26 20:39:00 idm1 systemd: Starting The Apache HTTP Server...
> > > Jan 26 20:39:00 idm1 ipa-httpd-kdcproxy: ipa : INFO KDC proxy
enabled
> > > Jan 26 20:39:00 idm1 ns-slapd: [26/Jan/2018:20:39:00.943662244 +0100] - ERR
- schema-compat-plugin - Finished plugin initialization.
> > > Jan 26 20:39:01 idm1 systemd: Started The Apache HTTP Server.
> > > Jan 26 20:39:01 idm1 systemd: Stopping IPA Custodia Service...
> > > Jan 26 20:39:01 idm1 systemd: Starting IPA Custodia Service...
> > > Jan 26 20:39:02 idm1 systemd: Started IPA Custodia Service.
> > > Jan 26 20:39:02 idm1 ipa-custodia: 2018-01-26 20:39:02 - server
- Serving on Unix socket /run/httpd/ipa-custodia.sock
> > > Jan 26 20:39:02 idm1 systemd: Starting Network Time Service...
> > > Jan 26 20:39:02 idm1 ntpd[17985]: ntpd 4.2.6p5(a)1.2349-o Wed Apr 12 21:24:06
UTC 2017 (1)
> > > Jan 26 20:39:02 idm1 systemd: Started Network Time Service.
> > > Jan 26 20:39:02 idm1 ntpd[17986]: proto: precision = 0.097 usec
> > > Jan 26 20:39:02 idm1 ntpd[17986]: 0.0.0.0 c01d 0d kern kernel time sync
enabled
> > > Jan 26 20:39:02 idm1 systemd: Starting PKI Tomcat Server pki-tomcat...
> > > Jan 26 20:39:03 idm1 ntpd[17986]: getaddrinfo:
"2001:638:a000:b201::/64" invalid host address, ignored
> > > Jan 26 20:39:03 idm1 ntpd[17986]: restrict: error in address
'2001:638:a000:b201::/64' on line 21. Ignoring...
> > > Jan 26 20:39:03 idm1 ntpd[17986]: Listen and drop on 0 v4wildcard 0.0.0.0
UDP 123
> > > Jan 26 20:39:03 idm1 ntpd[17986]: Listen and drop on 1 v6wildcard :: UDP
123
> > > Jan 26 20:39:03 idm1 ntpd[17986]: Listen normally on 2 lo 127.0.0.1 UDP
123
> > > Jan 26 20:39:03 idm1 ntpd[17986]: Listen normally on 3 eth0 10.188.220.100
UDP 123
> > > Jan 26 20:39:03 idm1 ntpd[17986]: Listen normally on 4 lo ::1 UDP 123
> > > Jan 26 20:39:03 idm1 ntpd[17986]: Listen normally on 5 eth0
fe80::5054:ff:fe4e:b270 UDP 123
> > > Jan 26 20:39:03 idm1 ntpd[17986]: Listen normally on 6 eth0
2001:638:a000:b201::220:100 UDP 123
> > > Jan 26 20:39:03 idm1 ntpd[17986]: Listening on routing socket on fd #23 for
interface updates
> > > Jan 26 20:39:03 idm1 ntpd[17986]: 0.0.0.0 c016 06 restart
> > > Jan 26 20:39:03 idm1 ntpd[17986]: 0.0.0.0 c012 02 freq_set ntpd -11.506
PPM
> > > Jan 26 20:39:04 idm1 ns-slapd: [26/Jan/2018:20:39:04.677894447 +0100] -
WARN - csngen_new_csn - Too much time skew (-414391 secs). Current seqnum=1
> > > Jan 26 20:39:05 idm1 pkidaemon: -----------------------
> > > Jan 26 20:39:05 idm1 pkidaemon: Banner is not installed
> > > Jan 26 20:39:05 idm1 pkidaemon: -----------------------
> > > Jan 26 20:39:05 idm1 pkidaemon: ----------------------
> > > Jan 26 20:39:05 idm1 pkidaemon: Enabled all subsystems
> > > Jan 26 20:39:05 idm1 pkidaemon: ----------------------
> > > Jan 26 20:39:05 idm1 systemd: Started PKI Tomcat Server pki-tomcat.
> > > Jan 26 20:39:05 idm1 systemd: Reached target PKI Tomcat Server.
> > > Jan 26 20:39:05 idm1 systemd: Starting PKI Tomcat Server.
> > > Jan 26 20:39:05 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> > > Jan 26 20:39:05 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> > > Jan 26 20:39:05 idm1 server: main class used:
org.apache.catalina.startup.Bootstrap
> > > Jan 26 20:39:05 idm1 server: flags used:
-DRESTEASY_LIB=/usr/share/java/resteasy-base -Djava.library.path=/usr/lib64/nuxwdog-jni
> > > Jan 26 20:39:05 idm1 server: options used:
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.security.manager
-Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy
> > > Jan 26 20:39:05 idm1 server: arguments used: start
> > > Jan 26 20:39:07 idm1 ntpd[17986]: 0.0.0.0 c515 05 clock_sync
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'enableOCSP' to
'false' did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderURL' to 'http://idm1.XXXkd.fau.de:9080/ca/ocsp' did not find
a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did not find
a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspCacheSize'
to '1000' did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMinCacheEntryDuration' to '60' did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMaxCacheEntryDuration' to '120' did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspTimeout' to
'10' did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'strictCiphers'
to 'true' did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslOptions' to
'ssl2=false,ssl3=false,tls=true' did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl2Ciphers' to
'-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5'
did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl3Ciphers' to
'-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'tlsCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeStream' to 'tls1_0:tls1_2' did not find a matching
property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeDatagram' to 'tls1_1:tls1_2' did not find a matching
property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslRangeCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_GCM_SHA256,+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256'
did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'serverCertNickFile' to '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf'
did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordFile'
to '/var/lib/pki/pki-tomcat/conf/password.conf' did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordClass'
to 'org.apache.tomcat.util.net.jss.PlainPasswordFile' did not find a matching
property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'certdbDir' to
'/var/lib/pki/pki-tomcat/alias' did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'xmlValidation'
to 'false' did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: Jan 26, 2018 8:39:07 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> > > Jan 26 20:39:07 idm1 server: WARNING:
[SetPropertiesRule]{Server/Service/Engine/Host} Setting property
'xmlNamespaceAware' to 'false' did not find a matching property.
> > > Jan 26 20:39:07 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_init]
> > > Jan 26 20:39:08 idm1 server: Jan 26, 2018 8:39:08 PM
org.apache.coyote.AbstractProtocol init
> > > Jan 26 20:39:08 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8080"]
> > > Jan 26 20:39:08 idm1 server: Jan 26, 2018 8:39:08 PM
org.apache.coyote.AbstractProtocol init
> > > Jan 26 20:39:08 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8443"]
> > > Jan 26 20:39:08 idm1 server: Error: SSL cipher
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> > > Jan 26 20:39:08 idm1 server: Error: SSL cipher
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> > > Jan 26 20:39:08 idm1 server: Jan 26, 2018 8:39:08 PM
org.apache.coyote.AbstractProtocol init
> > > Jan 26 20:39:08 idm1 server: INFO: Initializing ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> > > Jan 26 20:39:08 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_init]
> > > Jan 26 20:39:08 idm1 server: Jan 26, 2018 8:39:08 PM
org.apache.catalina.startup.Catalina load
> > > Jan 26 20:39:08 idm1 server: INFO: Initialization processed in 1254 ms
> > > Jan 26 20:39:08 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_start]
> > > Jan 26 20:39:08 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_start]
> > > Jan 26 20:39:08 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[start]
> > > Jan 26 20:39:08 idm1 server: Jan 26, 2018 8:39:08 PM
org.apache.catalina.core.StandardService startInternal
> > > Jan 26 20:39:08 idm1 server: INFO: Starting service Catalina
> > > Jan 26 20:39:08 idm1 server: Jan 26, 2018 8:39:08 PM
org.apache.catalina.core.StandardEngine startInternal
> > > Jan 26 20:39:08 idm1 server: INFO: Starting Servlet Engine: Apache
Tomcat/7.0.76
> > > Jan 26 20:39:08 idm1 server: Jan 26, 2018 8:39:08 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:39:08 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml
> > > Jan 26 20:39:08 idm1 server: SSLAuthenticatorWithFallback: Creating SSL
authenticator with fallback
> > > Jan 26 20:39:08 idm1 server: SSLAuthenticatorWithFallback: Setting
container
> > > Jan 26 20:39:10 idm1 server: Jan 26, 2018 8:39:10 PM
org.apache.catalina.startup.TldConfig execute
> > > Jan 26 20:39:10 idm1 server: INFO: At least one JAR was scanned for TLDs
yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs
that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning
can improve startup time and JSP compilation time.
> > > Jan 26 20:39:10 idm1 server: SSLAuthenticatorWithFallback: Initializing
authenticators
> > > Jan 26 20:39:10 idm1 server: SSLAuthenticatorWithFallback: Starting
authenticators
> > > Jan 26 20:39:10 idm1 server: CMSEngine.initializePasswordStore() begins
> > > Jan 26 20:39:10 idm1 server: CMSEngine.initializePasswordStore():
tag=internaldb
> > > Jan 26 20:39:10 idm1 server: CMSEngine.initializePasswordStore():
tag=replicationdb
> > > Jan 26 20:39:13 idm1 server: SelfTestSubsystem: Disabling "ca"
subsystem due to selftest failure.
> > > Jan 26 20:39:13 idm1 server: -----------------------
> > > Jan 26 20:39:13 idm1 server: Disabled "ca" subsystem
> > > Jan 26 20:39:13 idm1 server: -----------------------
> > > Jan 26 20:39:13 idm1 server: Subsystem ID: ca
> > > Jan 26 20:39:13 idm1 server: Instance ID: pki-tomcat
> > > Jan 26 20:39:13 idm1 server: Enabled: False
> > > Jan 26 20:39:13 idm1 server: Invalid class name repositorytop
> > > Jan 26 20:39:14 idm1 server: Invalid class name repositorytop
> > > Jan 26 20:39:14 idm1 server: at
com.netscape.cmscore.dbs.DBRegistry.createObject(DBRegistry.java:485)
> > > Jan 26 20:39:14 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:167)
> > > Jan 26 20:39:14 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:137)
> > > Jan 26 20:39:14 idm1 server: at
com.netscape.cmscore.dbs.Repository.getSerialNumber(Repository.java:125)
> > > Jan 26 20:39:14 idm1 server: at
com.netscape.cmscore.dbs.Repository.initCache(Repository.java:244)
> > > Jan 26 20:39:14 idm1 server: at
com.netscape.cmscore.dbs.Repository.checkRanges(Repository.java:460)
> > > Jan 26 20:39:14 idm1 server: at
com.netscape.cmscore.apps.CMSEngine.startup(CMSEngine.java:1378)
> > > Jan 26 20:39:14 idm1 server: at
com.netscape.certsrv.apps.CMS.startup(CMS.java:202)
> > > Jan 26 20:39:14 idm1 server: at
com.netscape.certsrv.apps.CMS.start(CMS.java:1632)
> > > Jan 26 20:39:14 idm1 server: at
com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:117)
> > > Jan 26 20:39:14 idm1 server: at
javax.servlet.GenericServlet.init(GenericServlet.java:158)
> > > Jan 26 20:39:14 idm1 server: at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > Jan 26 20:39:14 idm1 server: at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> > > Jan 26 20:39:14 idm1 server: at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > Jan 26 20:39:14 idm1 server: at
java.lang.reflect.Method.invoke(Method.java:498)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
> > > Jan 26 20:39:14 idm1 server: at
java.security.AccessController.doPrivileged(Native Method)
> > > Jan 26 20:39:14 idm1 server: at
javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1257)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1182)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1072)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5368)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5660)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
> > > Jan 26 20:39:14 idm1 server: at
java.security.AccessController.doPrivileged(Native Method)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
> > > Jan 26 20:39:14 idm1 server: at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
> > > Jan 26 20:39:14 idm1 server: at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> > > Jan 26 20:39:14 idm1 server: at
java.util.concurrent.FutureTask.run(FutureTask.java:266)
> > > Jan 26 20:39:14 idm1 server: at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> > > Jan 26 20:39:14 idm1 server: at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> > > Jan 26 20:39:14 idm1 server: at java.lang.Thread.run(Thread.java:748)
> > > Jan 26 20:39:14 idm1 server: Jan 26, 2018 8:39:14 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:39:14 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 5,603 ms
> > > Jan 26 20:39:14 idm1 server: Jan 26, 2018 8:39:14 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:39:14 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml
> > > Jan 26 20:39:14 idm1 server: Jan 26, 2018 8:39:14 PM
org.apache.catalina.startup.TldConfig execute
> > > Jan 26 20:39:14 idm1 server: INFO: At least one JAR was scanned for TLDs
yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs
that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning
can improve startup time and JSP compilation time.
> > > Jan 26 20:39:14 idm1 server: Jan 26, 2018 8:39:14 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:39:14 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml has finished in 724 ms
> > > Jan 26 20:39:14 idm1 server: Jan 26, 2018 8:39:14 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:39:14 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml
> > > Jan 26 20:39:15 idm1 server: Jan 26, 2018 8:39:15 PM
org.apache.catalina.startup.TldConfig execute
> > > Jan 26 20:39:15 idm1 server: INFO: At least one JAR was scanned for TLDs
yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs
that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning
can improve startup time and JSP compilation time.
> > > Jan 26 20:39:15 idm1 server: Jan 26, 2018 8:39:15 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:39:15 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml has finished in 1,041 ms
> > > Jan 26 20:39:15 idm1 server: Jan 26, 2018 8:39:15 PM
org.apache.coyote.AbstractProtocol start
> > > Jan 26 20:39:15 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8080"]
> > > Jan 26 20:39:15 idm1 server: Jan 26, 2018 8:39:15 PM
org.apache.coyote.AbstractProtocol start
> > > Jan 26 20:39:15 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8443"]
> > > Jan 26 20:39:15 idm1 server: Jan 26, 2018 8:39:15 PM
org.apache.coyote.AbstractProtocol start
> > > Jan 26 20:39:15 idm1 server: INFO: Starting ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> > > Jan 26 20:39:15 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_start]
> > > Jan 26 20:39:15 idm1 server: PKIListener: Subsystem CA is disabled.
> > > Jan 26 20:39:15 idm1 server: PKIListener: Check
/var/log/pki/pki-tomcat/ca/selftests.log for possible errors.
> > > Jan 26 20:39:15 idm1 server: PKIListener: To enable the subsystem:
> > > Jan 26 20:39:15 idm1 server: PKIListener: pki-server subsystem-enable -i
pki-tomcat ca
> > > Jan 26 20:39:15 idm1 server: Jan 26, 2018 8:39:15 PM
org.apache.catalina.startup.Catalina start
> > > Jan 26 20:39:15 idm1 server: INFO: Server startup in 7480 ms
> > > Jan 26 20:39:17 idm1 ns-slapd: [26/Jan/2018:20:39:17.236299024 +0100] -
WARN - csngen_new_csn - Too much time skew (-414380 secs). Current seqnum=1
> > > Jan 26 20:39:22 idm1 ns-slapd: [26/Jan/2018:20:39:22.056843883 +0100] -
WARN - csngen_new_csn - Too much time skew (-414376 secs). Current seqnum=1
> > > Jan 26 20:39:22 idm1 ns-slapd: [26/Jan/2018:20:39:22.084016470 +0100] -
WARN - csngen_new_csn - Too much time skew (-414377 secs). Current seqnum=1
> > > Jan 26 20:39:26 idm1 ns-slapd: [26/Jan/2018:20:39:26.282879120 +0100] -
WARN - csngen_new_csn - Too much time skew (-414374 secs). Current seqnum=1
> > > Jan 26 20:39:26 idm1 ns-slapd: [26/Jan/2018:20:39:26.321619015 +0100] -
WARN - csngen_new_csn - Too much time skew (-414375 secs). Current seqnum=1
> > > Jan 26 20:39:26 idm1 server: Jan 26, 2018 8:39:26 PM
org.apache.catalina.startup.HostConfig undeploy
> > > Jan 26 20:39:26 idm1 server: INFO: Undeploying context [/ca]
> > > Jan 26 20:39:26 idm1 server: SSLAuthenticatorWithFallback: Stopping
authenticators
> > > Jan 26 20:39:26 idm1 server: Jan 26, 2018 8:39:26 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:39:26 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [LDAPConnThread-0 ldaps://idm1.XXXkd.fau.de:636] but has
failed to stop it. This is very likely to create a memory leak.
> > > Jan 26 20:39:26 idm1 server: Jan 26, 2018 8:39:26 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:39:26 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [LDAPConnThread-2 ldaps://idm1.XXXkd.fau.de:636] but has
failed to stop it. This is very likely to create a memory leak.
> > > Jan 26 20:39:26 idm1 server: Jan 26, 2018 8:39:26 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:39:26 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [authorityMonitor] but has failed to stop it. This is very
likely to create a memory leak.
> > > Jan 26 20:39:26 idm1 server: Jan 26, 2018 8:39:26 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:39:26 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [LDAPConnThread-3 ldaps://idm1.XXXkd.fau.de:636] but has
failed to stop it. This is very likely to create a memory leak.
> > > Jan 26 20:39:26 idm1 server: Jan 26, 2018 8:39:26 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:39:26 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [profileChangeMonitor] but has failed to stop it. This is very
likely to create a memory leak.
> > > Jan 26 20:39:26 idm1 server: SSLAuthenticatorWithFallback: Setting
container
> > > J
> > >
> > > Jan 26 20:42:16 idm1 systemd: Closed ipa-otpd socket.
> > > Jan 26 20:42:16 idm1 systemd: Stopping ipa-otpd socket.
> > > Jan 26 20:42:16 idm1 systemd: Stopping Samba Winbind Daemon...
> > > Jan 26 20:42:16 idm1 winbindd[16702]: [2018/01/26 20:42:16.696807, 0]
../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
> > > Jan 26 20:42:16 idm1 winbindd[16702]: Got sig[15] terminate (is_parent=1)
> > > Jan 26 20:42:16 idm1 winbindd[16703]: [2018/01/26 20:42:16.841466, 0]
../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
> > > Jan 26 20:42:16 idm1 winbindd[16703]: Got sig[15] terminate (is_parent=0)
> > > Jan 26 20:42:16 idm1 systemd: Stopped Samba Winbind Daemon.
> > > Jan 26 20:42:16 idm1 systemd: Stopping Samba SMB Daemon...
> > > Jan 26 20:42:16 idm1 smbd[16688]: [2018/01/26 20:42:16.916550, 0]
../source3/rpc_server/lsasd.c:139(lsasd_sig_term_handler)
> > > Jan 26 20:42:16 idm1 smbd[16688]: termination signal
> > > Jan 26 20:42:16 idm1 systemd: Stopped Samba SMB Daemon.
> > > Jan 26 20:42:17 idm1 systemd: Stopping IPA Custodia Service...
> > > Jan 26 20:42:17 idm1 systemd: Stopped IPA Custodia Service.
> > > Jan 26 20:42:17 idm1 systemd: Stopping The Apache HTTP Server...
> > > Jan 26 20:42:18 idm1 systemd: Stopped The Apache HTTP Server.
> > > Jan 26 20:42:18 idm1 systemd: Stopping Kerberos 5 Password-changing and
Administration...
> > > Jan 26 20:42:18 idm1 systemd: kadmin.service: main process exited,
code=exited, status=2/INVALIDARGUMENT
> > > Jan 26 20:42:18 idm1 systemd: Stopped Kerberos 5 Password-changing and
Administration.
> > > Jan 26 20:42:18 idm1 systemd: Unit kadmin.service entered failed state.
> > > Jan 26 20:42:18 idm1 systemd: kadmin.service failed.
> > > Jan 26 20:42:18 idm1 systemd: Stopping Kerberos 5 KDC...
> > > Jan 26 20:42:18 idm1 systemd: Stopped Kerberos 5 KDC.
> > > Jan 26 20:42:18 idm1 systemd: Stopping 389 Directory Server
XXXKD-FAU-DE....
> > > Jan 26 20:42:18 idm1 ns-slapd: [26/Jan/2018:20:42:18.368608160 +0100] -
INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack
size 6 max work q size 2 max work q stack size 2
> > > Jan 26 20:42:18 idm1 ns-slapd: [26/Jan/2018:20:42:18.372309172 +0100] -
INFO - slapd_daemon - slapd shutting down - waiting for 15 threads to terminate
> > > Jan 26 20:42:18 idm1 ns-slapd: [26/Jan/2018:20:42:18.374142668 +0100] -
INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins
> > > Jan 26 20:42:18 idm1 ns-slapd: [26/Jan/2018:20:42:18.726004813 +0100] -
INFO - dblayer_pre_close - Waiting for 4 database threads to stop
> > > Jan 26 20:42:19 idm1 ns-slapd: [26/Jan/2018:20:42:19.258064040 +0100] -
INFO - dblayer_pre_close - All database threads now stopped
> > > Jan 26 20:42:19 idm1 ns-slapd: [26/Jan/2018:20:42:19.286571363 +0100] -
INFO - ldbm_back_instance_set_destructor - Set of instances destroyed
> > > Jan 26 20:42:19 idm1 ns-slapd: [26/Jan/2018:20:42:19.288632006 +0100] -
INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 2 work q stack
objects - freed 7 op stack objects
> > > Jan 26 20:42:19 idm1 ns-slapd: [26/Jan/2018:20:42:19.803231467 +0100] -
INFO - main - slapd stopped.
> > > Jan 26 20:42:19 idm1 systemd: Stopped 389 Directory Server XXXKD-FAU-DE..
> > > Jan 26 20:42:30 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_stop]
> > > Jan 26 20:42:30 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[stop]
> > > Jan 26 20:42:30 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_stop]
> > > Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol pause
> > > Jan 26 20:42:30 idm1 server: INFO: Pausing ProtocolHandler
["http-bio-8080"]
> > > Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol pause
> > > Jan 26 20:42:30 idm1 server: INFO: Pausing ProtocolHandler
["http-bio-8443"]
> > > Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol pause
> > > Jan 26 20:42:30 idm1 server: INFO: Pausing ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> > > Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.catalina.core.StandardService stopInternal
> > > Jan 26 20:42:30 idm1 server: INFO: Stopping service Catalina
> > > Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol stop
> > > Jan 26 20:42:30 idm1 server: INFO: Stopping ProtocolHandler
["http-bio-8080"]
> > > Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol stop
> > > Jan 26 20:42:30 idm1 server: INFO: Stopping ProtocolHandler
["http-bio-8443"]
> > > Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol stop
> > > Jan 26 20:42:30 idm1 server: INFO: Stopping ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> > > Jan 26 20:42:30 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_stop]
> > > Jan 26 20:42:30 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_destroy]
> > > Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol destroy
> > > Jan 26 20:42:30 idm1 server: INFO: Destroying ProtocolHandler
["http-bio-8080"]
> > > Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol destroy
> > > Jan 26 20:42:30 idm1 server: INFO: Destroying ProtocolHandler
["http-bio-8443"]
> > > Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.coyote.AbstractProtocol destroy
> > > Jan 26 20:42:30 idm1 server: INFO: Destroying ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> > > Jan 26 20:42:30 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_destroy]
> > > Jan 26 20:42:30 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> > > Jan 26 20:42:30 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> > > Jan 26 20:42:30 idm1 server: main class used:
org.apache.catalina.startup.Bootstrap
> > > Jan 26 20:42:30 idm1 server: flags used:
-DRESTEASY_LIB=/usr/share/java/resteasy-base -Djava.library.path=/usr/lib64/nuxwdog-jni
> > > Jan 26 20:42:30 idm1 server: options used:
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> > > Jan 26 20:42:30 idm1 server: arguments used: stop
> > > Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.catalina.startup.Catalina stopServer
> > > Jan 26 20:42:30 idm1 server: SEVERE: Could not contact localhost:8005.
Tomcat may not be running.
> > > Jan 26 20:42:30 idm1 server: Jan 26, 2018 8:42:30 PM
org.apache.catalina.startup.Catalina stopServer
> > > Jan 26 20:42:30 idm1 server: SEVERE: Catalina.stop:
> > > Jan 26 20:42:30 idm1 server: java.net.ConnectException: Connection refused
(Connection refused)
> > > Jan 26 20:42:30 idm1 server: at
java.net.PlainSocketImpl.socketConnect(Native Method)
> > > Jan 26 20:42:30 idm1 server: at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
> > > Jan 26 20:42:30 idm1 server: at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
> > > Jan 26 20:42:30 idm1 server: at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
> > > Jan 26 20:42:30 idm1 server: at
java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
> > > Jan 26 20:42:30 idm1 server: at java.net.Socket.connect(Socket.java:589)
> > > Jan 26 20:42:30 idm1 server: at java.net.Socket.connect(Socket.java:538)
> > > Jan 26 20:42:30 idm1 server: at
java.net.Socket.<init>(Socket.java:434)
> > > Jan 26 20:42:30 idm1 server: at
java.net.Socket.<init>(Socket.java:211)
> > > Jan 26 20:42:30 idm1 server: at
org.apache.catalina.startup.Catalina.stopServer(Catalina.java:498)
> > > Jan 26 20:42:30 idm1 server: at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > Jan 26 20:42:30 idm1 server: at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> > > Jan 26 20:42:30 idm1 server: at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > Jan 26 20:42:30 idm1 server: at
java.lang.reflect.Method.invoke(Method.java:498)
> > > Jan 26 20:42:30 idm1 server: at
org.apache.catalina.startup.Bootstrap.stopServer(Bootstrap.java:343)
> > > Jan 26 20:42:30 idm1 server: at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
> > > Jan 26 20:42:30 idm1 systemd: pki-tomcatd(a)pki-tomcat.service: control
process exited, code=exited status=1
> > > Jan 26 20:42:30 idm1 systemd: Unit pki-tomcatd(a)pki-tomcat.service entered
failed state.
> > > Jan 26 20:42:30 idm1 systemd: pki-tomcatd(a)pki-tomcat.service failed.
> > > Jan 26 20:43:06 idm1 systemd: Starting 389 Directory Server
XXXKD-FAU-DE....
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.135519647 +0100] -
WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need
to run systemd-tty-ask-password-agent to provide the password.
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.137896015 +0100] -
INFO - Security Initialization - SSL info: Enabling default cipher set.
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.138653476 +0100] -
INFO - Security Initialization - SSL info: Configured NSS Ciphers
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.139362471 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.139997617 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.140969886 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.141763790 +0100] -
INFO - Security Initialization - SSL info:
#011TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.142425874 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.143128669 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.143876111 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.144506089 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.145128275 +0100] -
INFO - Security Initialization - SSL info:
#011TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.145681866 +0100] -
INFO - Security Initialization - SSL info: #011TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.146327021 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.146946087 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.147538973 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.148175269 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.148809308 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.149468022 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.150081883 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.150700313 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.151358604 +0100] -
INFO - Security Initialization - SSL info: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.151978602 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.152607727 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA: enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.153363369 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.153985935 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.154615624 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA: enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.155162346 +0100] -
INFO - Security Initialization - SSL info: #011TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.155751837 +0100] -
INFO - Security Initialization - SSL info: #011TLS_AES_128_GCM_SHA256: enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.156407344 +0100] -
INFO - Security Initialization - SSL info: #011TLS_CHACHA20_POLY1305_SHA256: enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.157006854 +0100] -
INFO - Security Initialization - SSL info: #011TLS_AES_256_GCM_SHA384: enabled
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.166751450 +0100] -
INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min:
TLS1.0, max: TLS1.2
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.167990669 +0100] -
INFO - main - 389-Directory/1.3.6.1 B2018.025.1550 starting up
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.182152260 +0100] -
INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.186165063 +0100] -
WARN - default_mr_indexer_create - Plugin [caseIgnoreIA5Match] does not handle
caseExactIA5Match
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.190789757 +0100] -
INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.197372415 +0100] -
INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.203502167 +0100] -
NOTICE - ldbm_back_start - found 1532164k physical memory
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.204358115 +0100] -
NOTICE - ldbm_back_start - found 945032k available
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.205099201 +0100] -
NOTICE - ldbm_back_start - cache autosizing: db cache: 61286k
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.205772172 +0100] -
NOTICE - ldbm_back_start - cache autosizing: userRoot entry cache (3 total): 65536k
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.207976581 +0100] -
NOTICE - ldbm_back_start - cache autosizing: ipaca entry cache (3 total): 65536k
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.209935120 +0100] -
NOTICE - ldbm_back_start - cache autosizing: changelog entry cache (3 total): 65536k
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.211955092 +0100] -
NOTICE - ldbm_back_start - total cache size: 282989821 B;
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.268450630 +0100] - ERR
- schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after
the server startup!
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.282669243 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.283853676 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=keys,cn=sec,cn=dns,dc=XXXkd,dc=fau,dc=de
does not exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.284750958 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.285646359 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.286462970 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.287349607 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=XXXkd,dc=fau,dc=de
does not exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.288118043 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.289095649 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.289876366 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=XXXkd,dc=fau,dc=de does
not exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.290752671 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.291856781 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.292684559 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.293502496 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.294411988 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.295131467 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.295944190 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.296675050 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.297436245 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.298242490 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.299012600 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=XXXkd,dc=fau,dc=de does not
exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.299921149 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=dns,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.307173136 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.308050707 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=XXXkd,dc=fau,dc=de does not exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.414161967 +0100] - ERR
- NSACLPlugin - acl_parse - The ACL target cn=automember rebuild
membership,cn=tasks,cn=config does not exist
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.417370681 +0100] - ERR
- auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule
(invalid regex). Error "nothing to repeat".
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.418164001 +0100] - ERR
- auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule
(invalid regex). Error "nothing to repeat".
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.419003673 +0100] - ERR
- auto-membership-plugin - automember_parse_regex_rule - Unable to parse regex rule
(invalid regex). Error "nothing to repeat".
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.451898960 +0100] - ERR
- schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds!
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.454077292 +0100] - ERR
- set_krb5_creds - Could not get initial credentials for principal
[ldap/idm1.XXXkd.fau.de(a)XXXKD.FAU.DE] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228
(Cannot contact any KDC for requested realm)
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.459158890 +0100] -
INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP
requests
> > > Jan 26 20:43:07 idm1 systemd: Started 389 Directory Server XXXKD-FAU-DE..
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.461550924 +0100] -
INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests
> > > Jan 26 20:43:07 idm1 ns-slapd: [26/Jan/2018:20:43:07.462589374 +0100] -
INFO - slapd_daemon - Listening on /var/run/slapd-XXXKD-FAU-DE.socket for LDAPI requests
> > > Jan 26 20:43:07 idm1 ns-slapd: GSSAPI Error: Unspecified GSS failure.
Minor code may provide more information (No Kerberos credentials available (default cache:
/tmp/krb5cc_993))
> > > Jan 26 20:43:07 idm1 systemd: Starting Kerberos 5 KDC...
> > > Jan 26 20:43:07 idm1 systemd: Started Kerberos 5 KDC.
> > > Jan 26 20:43:07 idm1 systemd: Starting Kerberos 5 Password-changing and
Administration...
> > > Jan 26 20:43:07 idm1 systemd: Started Kerberos 5 Password-changing and
Administration.
> > > Jan 26 20:43:08 idm1 systemd: Starting The Apache HTTP Server...
> > > Jan 26 20:43:08 idm1 ipa-httpd-kdcproxy: ipa : INFO KDC proxy
enabled
> > > Jan 26 20:43:08 idm1 systemd: Started The Apache HTTP Server.
> > > Jan 26 20:43:09 idm1 systemd: Starting IPA Custodia Service...
> > > Jan 26 20:43:09 idm1 ipa-custodia: 2018-01-26 20:43:09 - server
- Serving on Unix socket /run/httpd/ipa-custodia.sock
> > > Jan 26 20:43:09 idm1 systemd: Started IPA Custodia Service.
> > > Jan 26 20:43:09 idm1 systemd: Starting Network Time Service...
> > > Jan 26 20:43:09 idm1 ntpd[18606]: ntpd 4.2.6p5(a)1.2349-o Wed Apr 12 21:24:06
UTC 2017 (1)
> > > Jan 26 20:43:09 idm1 ntpd[18607]: proto: precision = 0.092 usec
> > > Jan 26 20:43:09 idm1 ntpd[18607]: 0.0.0.0 c01d 0d kern kernel time sync
enabled
> > > Jan 26 20:43:09 idm1 systemd: Started Network Time Service.
> > > Jan 26 20:43:09 idm1 ntpd[18607]: getaddrinfo:
"2001:638:a000:b201::/64" invalid host address, ignored
> > > Jan 26 20:43:09 idm1 ntpd[18607]: restrict: error in address
'2001:638:a000:b201::/64' on line 21. Ignoring...
> > > Jan 26 20:43:09 idm1 ntpd[18607]: Listen and drop on 0 v4wildcard 0.0.0.0
UDP 123
> > > Jan 26 20:43:09 idm1 ntpd[18607]: Listen and drop on 1 v6wildcard :: UDP
123
> > > Jan 26 20:43:09 idm1 ntpd[18607]: Listen normally on 2 lo 127.0.0.1 UDP
123
> > > Jan 26 20:43:09 idm1 ntpd[18607]: Listen normally on 3 eth0 10.188.220.100
UDP 123
> > > Jan 26 20:43:09 idm1 ntpd[18607]: Listen normally on 4 lo ::1 UDP 123
> > > Jan 26 20:43:09 idm1 ntpd[18607]: Listen normally on 5 eth0
fe80::5054:ff:fe4e:b270 UDP 123
> > > Jan 26 20:43:09 idm1 ntpd[18607]: Listen normally on 6 eth0
2001:638:a000:b201::220:100 UDP 123
> > > Jan 26 20:43:10 idm1 ntpd[18607]: Listening on routing socket on fd #23 for
interface updates
> > > Jan 26 20:43:10 idm1 ntpd[18607]: 0.0.0.0 c016 06 restart
> > > Jan 26 20:43:10 idm1 ntpd[18607]: 0.0.0.0 c012 02 freq_set ntpd -11.506
PPM
> > > Jan 26 20:43:10 idm1 systemd: Starting PKI Tomcat Server pki-tomcat...
> > > Jan 26 20:43:10 idm1 ns-slapd: [26/Jan/2018:20:43:10.654518701 +0100] -
WARN - csngen_new_csn - Too much time skew (-414240 secs). Current seqnum=1
> > > Jan 26 20:43:10 idm1 ns-slapd: [26/Jan/2018:20:43:10.903986761 +0100] - ERR
- NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meToidm2.XXXkd.fau.de"
(idm2:389) - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials)
()
> > > Jan 26 20:43:11 idm1 ns-slapd: [26/Jan/2018:20:43:11.090525190 +0100] -
WARN - csngen_new_csn - Too much time skew (-414241 secs). Current seqnum=1
> > > Jan 26 20:43:11 idm1 ns-slapd: [26/Jan/2018:20:43:11.418472466 +0100] -
WARN - csngen_new_csn - Too much time skew (-414242 secs). Current seqnum=1
> > > Jan 26 20:43:11 idm1 ns-slapd: [26/Jan/2018:20:43:11.690552308 +0100] -
WARN - csngen_new_csn - Too much time skew (-414242 secs). Current seqnum=1
> > > Jan 26 20:43:11 idm1 ns-slapd: [26/Jan/2018:20:43:11.913216706 +0100] -
WARN - csngen_new_csn - Too much time skew (-414243 secs). Current seqnum=1
> > > Jan 26 20:43:12 idm1 pkidaemon: -----------------------
> > > Jan 26 20:43:12 idm1 pkidaemon: Banner is not installed
> > > Jan 26 20:43:12 idm1 pkidaemon: -----------------------
> > > Jan 26 20:43:12 idm1 pkidaemon: ----------------------
> > > Jan 26 20:43:12 idm1 pkidaemon: Enabled all subsystems
> > > Jan 26 20:43:12 idm1 pkidaemon: ----------------------
> > > Jan 26 20:43:12 idm1 systemd: Started PKI Tomcat Server pki-tomcat.
> > > Jan 26 20:43:12 idm1 server: Java virtual machine used:
/usr/lib/jvm/jre-1.8.0-openjdk/bin/java
> > > Jan 26 20:43:12 idm1 server: classpath used:
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> > > Jan 26 20:43:12 idm1 server: main class used:
org.apache.catalina.startup.Bootstrap
> > > Jan 26 20:43:12 idm1 server: flags used:
-DRESTEASY_LIB=/usr/share/java/resteasy-base -Djava.library.path=/usr/lib64/nuxwdog-jni
> > > Jan 26 20:43:12 idm1 server: options used:
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.security.manager
-Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy
> > > Jan 26 20:43:12 idm1 server: arguments used: start
> > > Jan 26 20:43:12 idm1 ns-slapd: [26/Jan/2018:20:43:12.856244489 +0100] - ERR
- schema-compat-plugin - Finished plugin initialization.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'enableOCSP' to
'false' did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderURL' to 'http://idm1.XXXkd.fau.de:9080/ca/ocsp' did not find
a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did not find
a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspCacheSize'
to '1000' did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMinCacheEntryDuration' to '60' did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMaxCacheEntryDuration' to '120' did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspTimeout' to
'10' did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'strictCiphers'
to 'true' did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslOptions' to
'ssl2=false,ssl3=false,tls=true' did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl2Ciphers' to
'-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5'
did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl3Ciphers' to
'-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'tlsCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeStream' to 'tls1_0:tls1_2' did not find a matching
property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeDatagram' to 'tls1_1:tls1_2' did not find a matching
property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslRangeCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_GCM_SHA256,+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256'
did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'serverCertNickFile' to '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf'
did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordFile'
to '/var/lib/pki/pki-tomcat/conf/password.conf' did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordClass'
to 'org.apache.tomcat.util.net.jss.PlainPasswordFile' did not find a matching
property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.SetAllPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property 'certdbDir' to
'/var/lib/pki/pki-tomcat/alias' did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'xmlValidation'
to 'false' did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
> > > Jan 26 20:43:13 idm1 server: WARNING:
[SetPropertiesRule]{Server/Service/Engine/Host} Setting property
'xmlNamespaceAware' to 'false' did not find a matching property.
> > > Jan 26 20:43:13 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_init]
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.coyote.AbstractProtocol init
> > > Jan 26 20:43:13 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8080"]
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.coyote.AbstractProtocol init
> > > Jan 26 20:43:13 idm1 server: INFO: Initializing ProtocolHandler
["http-bio-8443"]
> > > Jan 26 20:43:13 idm1 server: Error: SSL cipher
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> > > Jan 26 20:43:13 idm1 server: Error: SSL cipher
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" not recognized by tomcatjss
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.coyote.AbstractProtocol init
> > > Jan 26 20:43:13 idm1 server: INFO: Initializing ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> > > Jan 26 20:43:13 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_init]
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.Catalina load
> > > Jan 26 20:43:13 idm1 server: INFO: Initialization processed in 887 ms
> > > Jan 26 20:43:13 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[before_start]
> > > Jan 26 20:43:13 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[configure_start]
> > > Jan 26 20:43:13 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[start]
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.core.StandardService startInternal
> > > Jan 26 20:43:13 idm1 server: INFO: Starting service Catalina
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.core.StandardEngine startInternal
> > > Jan 26 20:43:13 idm1 server: INFO: Starting Servlet Engine: Apache
Tomcat/7.0.76
> > > Jan 26 20:43:13 idm1 server: Jan 26, 2018 8:43:13 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:43:13 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml
> > > Jan 26 20:43:13 idm1 server: SSLAuthenticatorWithFallback: Creating SSL
authenticator with fallback
> > > Jan 26 20:43:13 idm1 server: SSLAuthenticatorWithFallback: Setting
container
> > > Jan 26 20:43:14 idm1 ntpd[18607]: 0.0.0.0 c515 05 clock_sync
> > > Jan 26 20:43:15 idm1 server: Jan 26, 2018 8:43:15 PM
org.apache.catalina.startup.TldConfig execute
> > > Jan 26 20:43:15 idm1 server: INFO: At least one JAR was scanned for TLDs
yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs
that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning
can improve startup time and JSP compilation time.
> > > Jan 26 20:43:15 idm1 server: SSLAuthenticatorWithFallback: Initializing
authenticators
> > > Jan 26 20:43:15 idm1 server: SSLAuthenticatorWithFallback: Starting
authenticators
> > > Jan 26 20:43:15 idm1 server: CMSEngine.initializePasswordStore() begins
> > > Jan 26 20:43:15 idm1 server: CMSEngine.initializePasswordStore():
tag=internaldb
> > > Jan 26 20:43:15 idm1 server: CMSEngine.initializePasswordStore():
tag=replicationdb
> > > Jan 26 20:43:16 idm1 ns-slapd: [26/Jan/2018:20:43:16.928242338 +0100] -
WARN - csngen_new_csn - Too much time skew (-414239 secs). Current seqnum=1
> > > Jan 26 20:43:17 idm1 ns-slapd: [26/Jan/2018:20:43:17.631952903 +0100] -
WARN - csngen_new_csn - Too much time skew (-414239 secs). Current seqnum=1
> > > Jan 26 20:43:17 idm1 ns-slapd: [26/Jan/2018:20:43:17.654048776 +0100] -
WARN - csngen_new_csn - Too much time skew (-414240 secs). Current seqnum=1
> > > Jan 26 20:43:18 idm1 server: SelfTestSubsystem: Disabling "ca"
subsystem due to selftest failure.
> > > Jan 26 20:43:18 idm1 server: -----------------------
> > > Jan 26 20:43:18 idm1 server: Disabled "ca" subsystem
> > > Jan 26 20:43:18 idm1 server: -----------------------
> > > Jan 26 20:43:18 idm1 server: Subsystem ID: ca
> > > Jan 26 20:43:18 idm1 server: Instance ID: pki-tomcat
> > > Jan 26 20:43:18 idm1 server: Enabled: False
> > > Jan 26 20:43:18 idm1 server: Invalid class name repositorytop
> > > Jan 26 20:43:19 idm1 server: Invalid class name repositorytop
> > > Jan 26 20:43:19 idm1 server: at
com.netscape.cmscore.dbs.DBRegistry.createObject(DBRegistry.java:485)
> > > Jan 26 20:43:19 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:167)
> > > Jan 26 20:43:19 idm1 server: at
com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:137)
> > > Jan 26 20:43:19 idm1 server: at
com.netscape.cmscore.dbs.Repository.getSerialNumber(Repository.java:125)
> > > Jan 26 20:43:19 idm1 server: at
com.netscape.cmscore.dbs.Repository.initCache(Repository.java:244)
> > > Jan 26 20:43:19 idm1 server: at
com.netscape.cmscore.dbs.Repository.checkRanges(Repository.java:460)
> > > Jan 26 20:43:19 idm1 server: at
com.netscape.cmscore.apps.CMSEngine.startup(CMSEngine.java:1378)
> > > Jan 26 20:43:19 idm1 server: at
com.netscape.certsrv.apps.CMS.startup(CMS.java:202)
> > > Jan 26 20:43:19 idm1 server: at
com.netscape.certsrv.apps.CMS.start(CMS.java:1632)
> > > Jan 26 20:43:19 idm1 server: at
com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:117)
> > > Jan 26 20:43:19 idm1 server: at
javax.servlet.GenericServlet.init(GenericServlet.java:158)
> > > Jan 26 20:43:19 idm1 server: at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > Jan 26 20:43:19 idm1 server: at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> > > Jan 26 20:43:19 idm1 server: at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > Jan 26 20:43:19 idm1 server: at
java.lang.reflect.Method.invoke(Method.java:498)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
> > > Jan 26 20:43:19 idm1 server: at
java.security.AccessController.doPrivileged(Native Method)
> > > Jan 26 20:43:19 idm1 server: at
javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1257)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1182)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1072)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5368)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5660)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
> > > Jan 26 20:43:19 idm1 server: at
java.security.AccessController.doPrivileged(Native Method)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
> > > Jan 26 20:43:19 idm1 server: at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
> > > Jan 26 20:43:19 idm1 server: at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> > > Jan 26 20:43:19 idm1 server: at
java.util.concurrent.FutureTask.run(FutureTask.java:266)
> > > Jan 26 20:43:19 idm1 server: at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> > > Jan 26 20:43:19 idm1 server: at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> > > Jan 26 20:43:19 idm1 server: at java.lang.Thread.run(Thread.java:748)
> > > Jan 26 20:43:19 idm1 server: Jan 26, 2018 8:43:19 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:43:19 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 5,274 ms
> > > Jan 26 20:43:19 idm1 server: Jan 26, 2018 8:43:19 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:43:19 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml
> > > Jan 26 20:43:19 idm1 server: Jan 26, 2018 8:43:19 PM
org.apache.catalina.startup.TldConfig execute
> > > Jan 26 20:43:19 idm1 server: INFO: At least one JAR was scanned for TLDs
yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs
that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning
can improve startup time and JSP compilation time.
> > > Jan 26 20:43:19 idm1 server: Jan 26, 2018 8:43:19 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:43:19 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml has finished in 738 ms
> > > Jan 26 20:43:19 idm1 server: Jan 26, 2018 8:43:19 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:43:19 idm1 server: INFO: Deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml
> > > Jan 26 20:43:20 idm1 server: Jan 26, 2018 8:43:20 PM
org.apache.catalina.startup.TldConfig execute
> > > Jan 26 20:43:20 idm1 server: INFO: At least one JAR was scanned for TLDs
yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs
that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning
can improve startup time and JSP compilation time.
> > > Jan 26 20:43:20 idm1 server: Jan 26, 2018 8:43:20 PM
org.apache.catalina.startup.HostConfig deployDescriptor
> > > Jan 26 20:43:20 idm1 server: INFO: Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml has finished in 1,088 ms
> > > Jan 26 20:43:20 idm1 server: Jan 26, 2018 8:43:20 PM
org.apache.coyote.AbstractProtocol start
> > > Jan 26 20:43:20 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8080"]
> > > Jan 26 20:43:20 idm1 server: Jan 26, 2018 8:43:20 PM
org.apache.coyote.AbstractProtocol start
> > > Jan 26 20:43:20 idm1 server: INFO: Starting ProtocolHandler
["http-bio-8443"]
> > > Jan 26 20:43:20 idm1 server: Jan 26, 2018 8:43:20 PM
org.apache.coyote.AbstractProtocol start
> > > Jan 26 20:43:20 idm1 server: INFO: Starting ProtocolHandler
["ajp-bio-127.0.0.1-8009"]
> > > Jan 26 20:43:20 idm1 server: PKIListener:
org.apache.catalina.core.StandardServer[after_start]
> > > Jan 26 20:43:20 idm1 server: PKIListener: Subsystem CA is disabled.
> > > Jan 26 20:43:20 idm1 server: PKIListener: Check
/var/log/pki/pki-tomcat/ca/selftests.log for possible errors.
> > > Jan 26 20:43:20 idm1 server: PKIListener: To enable the subsystem:
> > > Jan 26 20:43:20 idm1 server: PKIListener: pki-server subsystem-enable -i
pki-tomcat ca
> > > Jan 26 20:43:20 idm1 server: Jan 26, 2018 8:43:20 PM
org.apache.catalina.startup.Catalina start
> > > Jan 26 20:43:20 idm1 server: INFO: Server startup in 7197 ms
> > > Jan 26 20:43:21 idm1 ns-slapd: [26/Jan/2018:20:43:21.078383741 +0100] -
WARN - csngen_new_csn - Too much time skew (-414238 secs). Current seqnum=1
> > > Jan 26 20:43:21 idm1 ns-slapd: [26/Jan/2018:20:43:21.369142943 +0100] -
WARN - csngen_new_csn - Too much time skew (-414239 secs). Current seqnum=1
> > > Jan 26 20:43:29 idm1 ns-slapd: [26/Jan/2018:20:43:29.176587570 +0100] -
WARN - csngen_new_csn - Too much time skew (-414232 secs). Current seqnum=1
> > > Jan 26 20:43:31 idm1 server: Jan 26, 2018 8:43:31 PM
org.apache.catalina.startup.HostConfig undeploy
> > > Jan 26 20:43:31 idm1 server: INFO: Undeploying context [/ca]
> > > Jan 26 20:43:31 idm1 server: SSLAuthenticatorWithFallback: Stopping
authenticators
> > > Jan 26 20:43:31 idm1 server: Jan 26, 2018 8:43:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:43:31 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [LDAPConnThread-0 ldaps://idm1.XXXkd.fau.de:636] but has
failed to stop it. This is very likely to create a memory leak.
> > > Jan 26 20:43:31 idm1 server: Jan 26, 2018 8:43:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:43:31 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [LDAPConnThread-2 ldaps://idm1.XXXkd.fau.de:636] but has
failed to stop it. This is very likely to create a memory leak.
> > > Jan 26 20:43:31 idm1 server: Jan 26, 2018 8:43:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:43:31 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [authorityMonitor] but has failed to stop it. This is very
likely to create a memory leak.
> > > Jan 26 20:43:31 idm1 server: Jan 26, 2018 8:43:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:43:31 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [LDAPConnThread-3 ldaps://idm1.XXXkd.fau.de:636] but has
failed to stop it. This is very likely to create a memory leak.
> > > Jan 26 20:43:31 idm1 server: Jan 26, 2018 8:43:31 PM
org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
> > > Jan 26 20:43:31 idm1 server: SEVERE: The web application [/ca] appears to
have started a thread named [profileChangeMonitor] but has failed to stop it. This is very
likely to create a memory leak.
> > > Jan 26 20:43:31 idm1 server: SSLAuthenticatorWithFallback: Setting
container
> > > Jan 26 20:43:38 idm1 ns-slapd: [26/Jan/2018:20:43:38.212105934 +0100] -
WARN - csngen_new_csn - Too much time skew (-414224 secs). Current seqnum=1
> > > Jan 26 20:43:38 idm1 ns-slapd: [26/Jan/2018:20:43:38.221564490 +0100] -
WARN - csngen_new_csn - Too much time skew (-414225 secs). Current seqnum=1
> > > Jan 26 20:43:50 idm1 ns-slapd: [26/Jan/2018:20:43:50.895768971 +0100] -
WARN - csngen_new_csn - Too much time skew (-414213 secs). Current seqnum=1
> > > Jan 26 20:43:50 idm1 ns-slapd: [26/Jan/2018:20:43:50.928585085 +0100] -
WARN - csngen_new_csn - Too much time skew (-414214 secs). Current seqnum=1
> > > Jan 26 20:43:50 idm1 ns-slapd: [26/Jan/2018:20:43:50.973568568 +0100] -
WARN - csngen_new_csn - Too much time skew (-414215 secs). Current seqnum=1
> > > Jan 26 20:43:50 idm1 ns-slapd: [26/Jan/2018:20:43:50.996767806 +0100] -
WARN - csngen_new_csn - Too much time skew (-414216 secs). Current seqnum=1
> > > Jan 26 20:43:53 idm1 ns-slapd: [26/Jan/2018:20:43:53.245471011 +0100] -
WARN - csngen_new_csn - Too much time skew (-414215 secs). Current seqnum=1
> > > Jan 26 20:44:09 idm1 ns-slapd: [26/Jan/2018:20:44:09.057455395 +0100] -
WARN - csngen_new_csn - Too much time skew (-414200 secs). Current seqnum=1
> > > Jan 26 20:44:09 idm1 ns-slapd: [26/Jan/2018:20:44:09.080883041 +0100] -
WARN - csngen_new_csn - Too much time skew (-414201 secs). Current seqnum=1
> > > Jan 26 20:44:22 idm1 ns-slapd: [26/Jan/2018:20:44:22.056086120 +0100] -
WARN - csngen_new_csn - Too much time skew (-414189 secs). Current seqnum=1
> > > Jan 26 20:44:22 idm1 ns-slapd: [26/Jan/2018:20:44:22.083244850 +0100] -
WARN - csngen_new_csn - Too much time skew (-414190 secs). Current seqnum=1
> > > Jan 26 20:44:22 idm1 ns-slapd: [26/Jan/2018:20:44:22.090879226 +0100] -
WARN - csngen_new_csn - Too much time skew (-414191 secs). Current seqnum=1
> >
> > > _______________________________________________
> > > FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> > > To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> > _______________________________________________
> > FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> > To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> >
>
>
> --
> Christof Schulze
>
> Institute of Materials Simulation (WW8)
> Department of Materials Science
> Friedrich-Alexander-University Erlangen-Nürnberg
> Dr.-Mack-Str. 77,
> 90762 Fürth, Germany
>
> Tel: 0911/65078-65069
> Email: christof.schulze(a)ww.uni-erlangen.de
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org