# ipa-replica-install -ddd --setup-dns --no-forwarders /var/lib/ipa/replica-info-ipa2.example.com.gpg ipa : DEBUG /sbin/ipa-replica-install was invoked with argument "/var/lib/ipa/replica-info-ipa2.example.com.gpg" and options: {'no_forwarders': True, 'conf_ssh': True, 'setup_ca': False, 'ui_redirect': True, 'reverse_zone': None, 'trust_sshfp': False, 'unattended': False, 'setup_pkinit': True, 'no_host_dns': False, 'mkhomedir': False, 'ip_address': None, 'no_reverse': False, 'setup_dns': True, 'create_sshfp': True, 'conf_sshd': True, 'forwarders': None, 'debug': True, 'conf_ntp': True, 'skip_conncheck': False, 'skip_schema_check': False} ipa : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG Starting external process ipa : DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=VirtualHost configuration: *:8443 ipa2.example.com (/etc/httpd/conf.d/nss.conf:86) ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl is-enabled chronyd.service ipa : DEBUG Process finished, return code=1 ipa : DEBUG stdout= ipa : DEBUG stderr=Failed to issue method call: No such file or directory ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl is-active chronyd.service ipa : DEBUG Process finished, return code=3 ipa : DEBUG stdout=unknown ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/gpg-agent --batch --homedir /tmp/tmpV3iDtbipa/ipa-dPP7l3/.gnupg --daemon /usr/bin/gpg --batch --homedir /tmp/tmpV3iDtbipa/ipa-dPP7l3/.gnupg --passphrase-fd 0 --yes --no-tty -o /tmp/tmpV3iDtbipa/files.tar -d /var/lib/ipa/replica-info-ipa2.example.com.gpg ipa : DEBUG Process finished, return code=0 ipa : DEBUG Starting external process ipa : DEBUG args=tar xf /tmp/tmpV3iDtbipa/files.tar -C /tmp/tmpV3iDtbipa ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Installing replica file with version 30305 (0 means no version in prepared file). ipa : DEBUG Check if ipa2.example.com is a primary hostname for localhost ipa : DEBUG Primary hostname for localhost: ipa2.example.com ipa : DEBUG Search DNS for ipa2.example.com ipa : DEBUG Check if ipa2.example.com is not a CNAME ipa : DEBUG Check reverse address of 10.0.3.15 ipa : DEBUG Found reverse name: ipa2.example.com ipa : DEBUG Check if ipa.example.com is a primary hostname for localhost ipa : DEBUG Primary hostname for localhost: ipa.example.com ipa : DEBUG Search DNS for ipa.example.com ipa : DEBUG Check if ipa.example.com is not a CNAME ipa : DEBUG Check reverse address of 10.0.3.4 ipa : DEBUG Found reverse name: ipa.example.com ipa : DEBUG Starting external process ipa : DEBUG args=/usr/sbin/ipa-replica-conncheck --master ipa.example.com --auto-master-check --realm EXAMPLE.COM --principal admin --hostname ipa2.example.com --password XXXXXXXX Check connection from replica to remote master 'ipa.example.com': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK Kerberos Kpasswd: TCP (464): OK HTTP Server: Unsecure port (80): OK HTTP Server: Secure port (443): OK The following list of ports use UDP protocol and would need to be checked manually: Kerberos KDC: UDP (88): SKIPPED Kerberos Kpasswd: UDP (464): SKIPPED Connection from replica to master is OK. Start listening on required ports for remote master check Get credentials to log in to remote master Check SSH connection to remote master Execute check on remote master Check connection from master to remote replica 'ipa2.example.com': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK Kerberos KDC: UDP (88): OK Kerberos Kpasswd: TCP (464): OK Kerberos Kpasswd: UDP (464): OK HTTP Server: Unsecure port (80): OK HTTP Server: Secure port (443): OK Connection from master to replica is OK. ipa : DEBUG Process finished, return code=0 ipa : DEBUG Starting external process ipa : DEBUG args=/sbin/ip -family inet -oneline address show ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever 2: eth0 inet 10.0.3.15/24 brd 10.0.3.255 scope global eth0\ valid_lft forever preferred_lft forever ipa : DEBUG stderr= ipa : DEBUG importing all plugin modules in '/usr/lib/python2.7/site-packages/ipalib/plugins'... ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/aci.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automember.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automount.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/batch.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/cert.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/config.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/delegation.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/group.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacrule.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvc.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvcgroup.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbactest.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/host.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hostgroup.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/idrange.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/kerberos.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/krbtpolicy.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/misc.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/netgroup.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/passwd.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/ping.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pkinit.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/privilege.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pwpolicy.py' ipa : DEBUG Starting external process ipa : DEBUG args=klist -V ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=Kerberos 5 version 1.11.3 ipa : DEBUG stderr= ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/realmdomains.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/role.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selfservice.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selinuxusermap.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/service.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmd.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmdgroup.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudorule.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/user.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/virtual.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/xmlclient.py' ipa : DEBUG importing all plugin modules in '/usr/lib/python2.7/site-packages/ipaserver/install/plugins'... ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/adtrust.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/baseupdate.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/dns.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/fix_replica_agreements.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/rename_managed.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_anonymous_aci.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_idranges.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_pacs.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_services.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py' ipa : DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/upload_cacrt.py' ipa : DEBUG DS group dirsrv exists ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Created connection context.ldap2_43515088 ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldaps://ipa.example.com from SchemaCache ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldaps://ipa.example.com conn= ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Created connection context.ldap2 ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldaps://ipa.example.com from SchemaCache ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldaps://ipa.example.com conn= ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Destroyed connection context.ldap2 ipa : DEBUG Check forward/reverse DNS resolution ipa : DEBUG Search DNS server ipa.example.com (['10.0.3.4', '10.0.3.4', '10.0.3.4']) for ipa.example.com ipa : DEBUG Check reverse address 10.0.3.4 (ipa.example.com) ipa : DEBUG Address 10.0.3.4 resolves to: ipa.example.com.. ipa : DEBUG Search DNS server ipa.example.com (['10.0.3.4', '10.0.3.4', '10.0.3.4']) for ipa2.example.com ipa : DEBUG Check reverse address 10.0.3.15 (ipa2.example.com) ipa : DEBUG Address 10.0.3.15 resolves to: ipa2.example.com.. ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Destroyed connection context.ldap2_43515088 ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl is-enabled chronyd.service ipa : DEBUG Process finished, return code=1 ipa : DEBUG stdout= ipa : DEBUG stderr=Failed to issue method call: No such file or directory ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl is-active chronyd.service ipa : DEBUG Process finished, return code=3 ipa : DEBUG stdout=unknown ipa : DEBUG stderr= ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG Configuring NTP daemon (ntpd) Run connection check to master Connection check OK Configuring NTP daemon (ntpd) ipa : DEBUG [1/4]: stopping ntpd [1/4]: stopping ntpd ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl is-active ntpd.service ipa : DEBUG Process finished, return code=3 ipa : DEBUG stdout=unknown ipa : DEBUG stderr= ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl stop ntpd.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG duration: 0 seconds ipa : DEBUG [2/4]: writing configuration [2/4]: writing configuration ipa : DEBUG Backing up system configuration file '/etc/ntp.conf' ipa : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG Backing up system configuration file '/etc/sysconfig/ntpd' ipa : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG duration: 0 seconds ipa : DEBUG [3/4]: configuring ntpd to start on boot [3/4]: configuring ntpd to start on boot ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl is-enabled ntpd.service ipa : DEBUG Process finished, return code=1 ipa : DEBUG stdout=disabled ipa : DEBUG stderr= ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl enable ntpd.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr=ln -s '/usr/lib/systemd/system/ntpd.service' '/etc/systemd/system/multi-user.target.wants/ntpd.service' ipa : DEBUG duration: 0 seconds ipa : DEBUG [4/4]: starting ntpd [4/4]: starting ntpd ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl start ntpd.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl is-active ntpd.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG duration: 0 seconds ipa : DEBUG Done configuring NTP daemon (ntpd). Done configuring NTP daemon (ntpd). ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG Configuring directory server (dirsrv): Estimated time 1 minute Configuring directory server (dirsrv): Estimated time 1 minute ipa : DEBUG [1/34]: creating directory server user [1/34]: creating directory server user ipa : DEBUG DS user dirsrv exists ipa : DEBUG duration: 0 seconds ipa : DEBUG [2/34]: creating directory server instance [2/34]: creating directory server instance ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' ipa : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG dn: dc=example,dc=com objectClass: top objectClass: domain objectClass: pilotObject dc: example info: IPA V2.0 ipa : DEBUG writing inf template ipa : DEBUG [General] FullMachineName= ipa2.example.com SuiteSpotUserID= dirsrv SuiteSpotGroup= dirsrv ServerRoot= /usr/lib64/dirsrv [slapd] ServerPort= 389 ServerIdentifier= EXAMPLE-COM Suffix= dc=example,dc=com RootDN= cn=Directory Manager InstallLdifFile= /var/lib/dirsrv/boot.ldif inst_dir= /var/lib/dirsrv/scripts-EXAMPLE-COM ipa : DEBUG calling setup-ds.pl ipa : DEBUG Starting external process ipa : DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpzvNRVC ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=[14/04/02:20:49:53] - [Setup] Info Your new DS instance 'EXAMPLE-COM' was successfully created. Your new DS instance 'EXAMPLE-COM' was successfully created. [14/04/02:20:49:53] - [Setup] Success Exiting . . . Log file is '-' Exiting . . . Log file is '-' ipa : DEBUG stderr= ipa : DEBUG completed creating ds instance ipa : DEBUG restarting ds instance ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl --system daemon-reload ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl restart dirsrv@EXAMPLE-COM.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl is-active dirsrv@EXAMPLE-COM.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG wait_for_open_ports: localhost [389] timeout 300 ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl is-active dirsrv@EXAMPLE-COM.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG done restarting ds instance ipa : DEBUG duration: 7 seconds ipa : DEBUG [3/34]: adding default schema [3/34]: adding default schema ipa : DEBUG duration: 0 seconds ipa : DEBUG [4/34]: enabling memberof plugin [4/34]: enabling memberof plugin ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/memberof-conf.ldif -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmp_LANPN ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=replace nsslapd-pluginenabled: on add memberofgroupattr: memberUser add memberofgroupattr: memberHost modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [5/34]: enabling winsync plugin [5/34]: enabling winsync plugin ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-winsync-conf.ldif -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmpmx9LrJ ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa-winsync add nsslapd-pluginpath: libipa_winsync add nsslapd-plugininitfunc: ipa_winsync_plugin_init add nsslapd-pluginDescription: Allows IPA to work with the DS windows sync feature add nsslapd-pluginid: ipa-winsync add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-plugin-depends-on-type: database add ipaWinSyncRealmFilter: (objectclass=krbRealmContainer) add ipaWinSyncRealmAttr: cn add ipaWinSyncNewEntryFilter: (cn=ipaConfig) add ipaWinSyncNewUserOCAttr: ipauserobjectclasses add ipaWinSyncUserFlatten: true add ipaWinsyncHomeDirAttr: ipaHomesRootDir add ipaWinsyncLoginShellAttr: ipaDefaultLoginShell add ipaWinSyncDefaultGroupAttr: ipaDefaultPrimaryGroup add ipaWinSyncDefaultGroupFilter: (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) add ipaWinSyncAcctDisable: both add ipaWinSyncForceSync: true add ipaWinSyncUserAttr: uidNumber -1 gidNumber -1 adding new entry "cn=ipa-winsync,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [6/34]: configuring replication version plugin [6/34]: configuring replication version plugin ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/version-conf.ldif -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmpYGD8mY ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Version Replication add nsslapd-pluginpath: libipa_repl_version add nsslapd-plugininitfunc: repl_version_plugin_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: off add nsslapd-pluginid: ipa_repl_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Replication version plugin add nsslapd-plugin-depends-on-type: database add nsslapd-plugin-depends-on-named: Multimaster Replication Plugin adding new entry "cn=IPA Version Replication,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [7/34]: enabling IPA enrollment plugin [7/34]: enabling IPA enrollment plugin ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmppZp97h -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmpkR3OSl ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_enrollment_extop add nsslapd-pluginpath: libipa_enrollment_extop add nsslapd-plugininitfunc: ipaenrollment_init add nsslapd-plugintype: extendedop add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_enrollment_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Enroll hosts into the IPA domain add nsslapd-plugin-depends-on-type: database add nsslapd-realmTree: dc=example,dc=com adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [8/34]: enabling ldapi [8/34]: enabling ldapi ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpCnHH53 -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmpQHZklb ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=replace nsslapd-ldapilisten: on modifying entry "cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [9/34]: configuring uniqueness plugin [9/34]: configuring uniqueness plugin ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpGppfdL -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmp_58cPW ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectClass: top nsSlapdPlugin extensibleObject add cn: krbPrincipalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add nsslapd-pluginarg0: krbPrincipalName add nsslapd-pluginarg1: dc=example,dc=com add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: krbCanonicalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add nsslapd-pluginarg0: krbCanonicalName add nsslapd-pluginarg1: dc=example,dc=com add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: netgroup uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add nsslapd-pluginarg0: cn add nsslapd-pluginarg1: cn=ng,cn=alt,dc=example,dc=com add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: ipaUniqueID uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add nsslapd-pluginarg0: ipaUniqueID add nsslapd-pluginarg1: dc=example,dc=com add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: sudorule name uniqueness add nsslapd-pluginDescription: Enforce unique attribute values add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add nsslapd-pluginarg0: cn add nsslapd-pluginarg1: cn=sudorules,cn=sudo,dc=example,dc=com add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [10/34]: configuring uuid plugin [10/34]: configuring uuid plugin ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/uuid-conf.ldif -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmpNzxuIq ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA UUID add nsslapd-pluginpath: libipa_uuid add nsslapd-plugininitfunc: ipauuid_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipauuid_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA UUID plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA UUID,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp7sLQA6 -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmpcz8pfh ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top extensibleObject add cn: IPA Unique IDs add ipaUuidAttr: ipaUniqueID add ipaUuidMagicRegen: autogenerate add ipaUuidFilter: (|(objectclass=ipaObject)(objectclass=ipaAssociation)) add ipaUuidScope: dc=example,dc=com add ipaUuidEnforce: TRUE adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [11/34]: configuring modrdn plugin [11/34]: configuring modrdn plugin ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/modrdn-conf.ldif -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmp9fKZ7S ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA MODRDN add nsslapd-pluginpath: libipa_modrdn add nsslapd-plugininitfunc: ipamodrdn_init add nsslapd-plugintype: betxnpostoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipamodrdn_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA MODRDN plugin add nsslapd-plugin-depends-on-type: database add nsslapd-pluginPrecedence: 60 adding new entry "cn=IPA MODRDN,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmprHFkAn -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmpy_EzLr ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top extensibleObject add cn: Kerberos Principal Name add ipaModRDNsourceAttr: uid add ipaModRDNtargetAttr: krbPrincipalName add ipaModRDNsuffix: @EXAMPLE.COM add ipaModRDNfilter: (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) add ipaModRDNscope: dc=example,dc=com adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [12/34]: configuring DNS plugin [12/34]: configuring DNS plugin ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-dns-conf.ldif -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmpPzDbZX ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsslapdPlugin extensibleObject add cn: IPA DNS add nsslapd-plugindescription: IPA DNS support plugin add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_dns add nsslapd-plugininitfunc: ipadns_init add nsslapd-pluginpath: libipa_dns.so add nsslapd-plugintype: preoperation add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-pluginversion: 1.0 add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA DNS,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [13/34]: enabling entryUSN plugin [13/34]: enabling entryUSN plugin ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/entryusn.ldif -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmpinCxBW ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=replace nsslapd-entryusn-global: on modifying entry "cn=config" modify complete replace nsslapd-entryusn-import-initval: next modifying entry "cn=config" modify complete replace nsslapd-pluginenabled: on modifying entry "cn=USN,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [14/34]: configuring lockout plugin [14/34]: configuring lockout plugin ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/lockout-conf.ldif -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmp6RuKIC ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Lockout add nsslapd-pluginpath: libipa_lockout add nsslapd-plugininitfunc: ipalockout_init add nsslapd-plugintype: object add nsslapd-pluginenabled: on add nsslapd-pluginid: ipalockout_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Lockout plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA Lockout,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [15/34]: creating indices [15/34]: creating indices ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/indices.ldif -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmpeRyavO ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectClass: top nsIndex add cn: krbPrincipalName add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: ou add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: carLicense add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: title add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: manager add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: secretary add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: displayname add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add nsIndexType: sub modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: uidnumber add nsSystemIndex: false add nsIndexType: eq add nsMatchingRule: integerOrderingMatch adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: gidnumber add nsSystemIndex: false add nsIndexType: eq add nsMatchingRule: integerOrderingMatch adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete replace nsIndexType: eq,pres modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete replace nsIndexType: eq,pres modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add ObjectClass: top nsIndex add cn: fqdn add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add ObjectClass: top nsIndex add cn: macAddress add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberHost add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberUser add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: sourcehost add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberservice add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: managedby add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberallowcmd add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberdenycmd add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipasudorunas add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipasudorunasgroup add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: automountkey add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipakrbprincipalalias add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipauniqueid add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [16/34]: enabling referential integrity plugin [16/34]: enabling referential integrity plugin ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/referint-conf.ldif -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmpMesUIg ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=replace nsslapd-pluginenabled: on add nsslapd-pluginArg7: manager add nsslapd-pluginArg8: secretary add nsslapd-pluginArg9: memberuser add nsslapd-pluginArg10: memberhost add nsslapd-pluginArg11: sourcehost add nsslapd-pluginArg12: memberservice add nsslapd-pluginArg13: managedby add nsslapd-pluginArg14: memberallowcmd add nsslapd-pluginArg15: memberdenycmd add nsslapd-pluginArg16: ipasudorunas add nsslapd-pluginArg17: ipasudorunasgroup modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [17/34]: configuring ssl for ds instance [17/34]: configuring ssl for ds instance ipa : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -N -f /etc/dirsrv/slapd-EXAMPLE-COM//pwdfile.txt ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/pk12util -d /etc/dirsrv/slapd-EXAMPLE-COM/ -i /tmp/tmpV3iDtbipa/realm_info/dscert.p12 -k /etc/dirsrv/slapd-EXAMPLE-COM//pwdfile.txt -v -w /dev/stdin ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=pk12util: PKCS12 IMPORT SUCCESSFUL ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Server-Cert u,u,u EXAMPLE.COM IPA CA ,, ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -A -n CA -t CT,CT, -a ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Server-Cert u,u,u EXAMPLE.COM IPA CA CT,C, ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -M -n EXAMPLE.COM IPA CA -t CT,CT, ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -O -n Server-Cert ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout="EXAMPLE.COM IPA CA" [CN=Certificate Authority,O=EXAMPLE.COM] "Server-Cert" [CN=ipa2.example.com,O=EXAMPLE.COM] ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L -n EXAMPLE.COM IPA CA -a ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=-----BEGIN CERTIFICATE----- MIIDpzCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQsFADA+MRwwGgYDVQQKExNCVVRU RVJGTFlORVRJTkMuQ09NMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw HhcNMTMwNzE3MjAxNDM0WhcNMzMwNzE3MjAxNDM0WjA+MRwwGgYDVQQKExNCVVRU RVJGTFlORVRJTkMuQ09NMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzqQ3ASw9Dy3+aUW+I9coF EVzTZLN76NgbGCV8eHypQw/uHtYP2815xG+9UnYo/rU4yk+MA+8yyU8Pl/Zf3cW4 lweIbQUdWIeqFCuqUSKA87/33owgR6Vw7pVvpFahxlyPlkm4ea8o5T+ShqbaEDGl nIQQOdu0ntrZzSnks2f4OXDlc72E9ynvaaP2rwGaCLpNd7h/4m6HwRU+e2n+G8WR ZcmH9CSbnLA7P5UIw71/ryrW5fK88YtR1xlCxqGc0xIJ5J5w1rZsDbvbz1PZlAvj FiLTbYxP6OBvxN2H+AWT/sCpu/KFh17XzboBeXWiJqaJcjSXs4tJPmym772l9qs1 AgMBAAGjga8wgawwHwYDVR0jBBgwFoAUEnr2QUuzwrqpDTdbGeVX7NdncicwDwYD VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0OBBYEFBJ69kFLs8K6 qQ03WxnlV+zXZ3InMEkGCCsGAQUFBwEBBD0wOzA5BggrBgEFBQcwAYYtaHR0cDov L2Nocm9ub3MuYnV0dGVyZmx5bmV0aW5jLmNvbTo4MC9jYS9vY3NwMA0GCSqGSIb3 DQEBCwUAA4IBAQB73I1uCktlr8FPt/PsL+1uVGjopk1FBOKc3z3v7VJjaCFj/v5K VR5EV593ezXGZiK0jk509rzZDVmfBt+l5PvRbo2hvU6VqDRBj9Ui/if2nH+KjV8E XvaceZClE4qmX4gjywD5OyrJxd3z7k4pwVjUZ1dY/TXe/0aoRk3wSKxJyHNe5uT+ 5OkZkdGm2qxTPWSVGVobKN+Bxon5ESk4YXZXb2jriSxl4T2au/S0JXOfScg4uasy ZZKhVbCGI7uvC5ZoyEX9IGGGE+EuAdh2WdXAqztKAkBHttHU65y0DnrBCGOIyuec oMo3psqd5Yr+pUNKpE1buCDscPmFV+DQIyn2 -----END CERTIFICATE----- ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L -n Server-Cert -a ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=-----BEGIN CERTIFICATE----- MIIEOjCCAyKgAwIBAgIBczANBgkqhkiG9w0BAQsFADA+MRwwGgYDVQQKExNCVVRU RVJGTFlORVRJTkMuQ09NMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw HhcNMTQwNDAxMjAyNzUyWhcNMTYwNDAxMjAyNzUyWjBFMRwwGgYDVQQKExNCVVRU RVJGTFlORVRJTkMuQ09NMSUwIwYDVQQDExxjaHJvbm9zMy5idXR0ZXJmbHluZXRp bmMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxz3sUUMB7UDc G8Qopxg/hAk8r9s4nGfpw5MVcnhsQs5rVWhhv9CA8+QVGuqyGsii9b4MT916urfJ yBiGE+5zG0qhhOOQxmjkxoyHFpobTkWM6b5pehWDJilaIa2p193n/LKD51RiVuDU SbEQHCITEXM9dUVhBAYxf1zEzQzJ4AX/OmPLeDqYX+H+m0m0NFK+wqnGnMGBeyv0 kFBckBHbUhRg2uxlb05y4FDXSyCVehAfvhieE3Ssah4IJfTOD5goYFDvDcfTI3OQ URWLWnoP1nabJgZ0me+5oU0HK6/rCvyGhR1cknextL0UZ+YM6Io0YA7Yz7IKxjCI ZcuPuypwhQIDAQABo4IBOjCCATYwHwYDVR0jBBgwFoAUEnr2QUuzwrqpDTdbGeVX 7NdncicwRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vaXBhLWNh LmJ1dHRlcmZseW5ldGluYy5jb20vY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMH4GA1UdHwR3MHUwc6A7oDmGN2h0 dHA6Ly9pcGEtY2EuYnV0dGVyZmx5bmV0aW5jLmNvbS9pcGEvY3JsL01hc3RlckNS TC5iaW6iNKQyMDAxDjAMBgNVBAoTBWlwYWNhMR4wHAYDVQQDExVDZXJ0aWZpY2F0 ZSBBdXRob3JpdHkwHQYDVR0OBBYEFPpSXuoMvECrQ6NBZonQQfhj9pSrMA0GCSqG SIb3DQEBCwUAA4IBAQAUoxPZSGLhqyCcBj+6oHxswpeKyhkfIzSYLHCiqAY5VbcD cc7V7kEx39+cWMy0hhwpejCPFA/CWzf1lIJ49jS1z36beKMRrqZvRHqnXM0cctcO 6gygdBFx7+9+5hKil0LQIoLF+NAH31JEql0ooqGapC6Vjd7bddtx1eOZDTYL+JmG dSTH6oLp4MF/AwBolhM/wg/03udiJtkad4eX7LQovewjO5nPBr8ZhJ1cArA6EYYK dPNzJA9/3oyx+imEtOl6p2KclLSBMECKw7qXxpt2XZi/+hAgjk32kGbWPzO4igLL dtkUxUAUwMtPmBadTLf61iwwuNFhPsIGhgR6DSFx -----END CERTIFICATE----- ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Server-Cert u,u,u EXAMPLE.COM IPA CA CT,C, ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L -n Server-Cert -a ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=-----BEGIN CERTIFICATE----- MIIEOjCCAyKgAwIBAgIBczANBgkqhkiG9w0BAQsFADA+MRwwGgYDVQQKExNCVVRU RVJGTFlORVRJTkMuQ09NMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw HhcNMTQwNDAxMjAyNzUyWhcNMTYwNDAxMjAyNzUyWjBFMRwwGgYDVQQKExNCVVRU RVJGTFlORVRJTkMuQ09NMSUwIwYDVQQDExxjaHJvbm9zMy5idXR0ZXJmbHluZXRp bmMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxz3sUUMB7UDc G8Qopxg/hAk8r9s4nGfpw5MVcnhsQs5rVWhhv9CA8+QVGuqyGsii9b4MT916urfJ yBiGE+5zG0qhhOOQxmjkxoyHFpobTkWM6b5pehWDJilaIa2p193n/LKD51RiVuDU SbEQHCITEXM9dUVhBAYxf1zEzQzJ4AX/OmPLeDqYX+H+m0m0NFK+wqnGnMGBeyv0 kFBckBHbUhRg2uxlb05y4FDXSyCVehAfvhieE3Ssah4IJfTOD5goYFDvDcfTI3OQ URWLWnoP1nabJgZ0me+5oU0HK6/rCvyGhR1cknextL0UZ+YM6Io0YA7Yz7IKxjCI ZcuPuypwhQIDAQABo4IBOjCCATYwHwYDVR0jBBgwFoAUEnr2QUuzwrqpDTdbGeVX 7NdncicwRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vaXBhLWNh LmJ1dHRlcmZseW5ldGluYy5jb20vY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMH4GA1UdHwR3MHUwc6A7oDmGN2h0 dHA6Ly9pcGEtY2EuYnV0dGVyZmx5bmV0aW5jLmNvbS9pcGEvY3JsL01hc3RlckNS TC5iaW6iNKQyMDAxDjAMBgNVBAoTBWlwYWNhMR4wHAYDVQQDExVDZXJ0aWZpY2F0 ZSBBdXRob3JpdHkwHQYDVR0OBBYEFPpSXuoMvECrQ6NBZonQQfhj9pSrMA0GCSqG SIb3DQEBCwUAA4IBAQAUoxPZSGLhqyCcBj+6oHxswpeKyhkfIzSYLHCiqAY5VbcD cc7V7kEx39+cWMy0hhwpejCPFA/CWzf1lIJ49jS1z36beKMRrqZvRHqnXM0cctcO 6gygdBFx7+9+5hKil0LQIoLF+NAH31JEql0ooqGapC6Vjd7bddtx1eOZDTYL+JmG dSTH6oLp4MF/AwBolhM/wg/03udiJtkad4eX7LQovewjO5nPBr8ZhJ1cArA6EYYK dPNzJA9/3oyx+imEtOl6p2KclLSBMECKw7qXxpt2XZi/+hAgjk32kGbWPzO4igLL dtkUxUAUwMtPmBadTLf61iwwuNFhPsIGhgR6DSFx -----END CERTIFICATE----- ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl enable certmonger.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr=ln -s '/usr/lib/systemd/system/certmonger.service' '/etc/systemd/system/multi-user.target.wants/certmonger.service' ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl start messagebus.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl is-active messagebus.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl start certmonger.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl is-active certmonger.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/certutil -L -d /etc/dirsrv/slapd-EXAMPLE-COM -n Server-Cert ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=Certificate: Data: Version: 3 (0x2) Serial Number: 115 (0x73) Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: "CN=Certificate Authority,O=EXAMPLE.COM" Validity: Not Before: Tue Apr 01 20:27:52 2014 Not After : Fri Apr 01 20:27:52 2016 Subject: "CN=ipa2.example.com,O=EXAMPLE.COM" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:3d:ec:51:43:01:ed:40:dc:1b:c4:28:a7:18:3f:84: 09:3c:af:db:38:9c:67:e9:c3:93:15:72:78:6c:42:ce: 6b:55:68:61:bf:d0:80:f3:e4:15:1a:ea:b2:1a:c8:a2: f5:be:0c:4f:dd:7a:ba:b7:c9:c8:18:86:13:ee:73:1b: 4a:a1:84:e3:90:c6:68:e4:c6:8c:87:16:9a:1b:4e:45: 8c:e9:be:69:7a:15:83:26:29:5a:21:ad:a9:d7:dd:e7: fc:b2:83:e7:54:62:56:e0:d4:49:b1:10:1c:22:13:11: 73:3d:75:45:61:04:06:31:7f:5c:c4:cd:0c:c9:e0:05: ff:3a:63:cb:78:3a:98:5f:e1:fe:9b:49:b4:34:52:be: c2:a9:c6:9c:c1:81:7b:2b:f4:90:50:5c:90:11:db:52: 14:60:da:ec:65:6f:4e:72:e0:50:d7:4b:20:95:7a:10: 1f:be:18:9e:13:74:ac:6a:1e:08:25:f4:ce:0f:98:28: 60:50:ef:0d:c7:d3:23:73:90:51:15:8b:5a:7a:0f:d6: 76:9b:26:06:74:99:ef:b9:a1:4d:07:2b:af:eb:0a:fc: 86:85:1d:5c:92:77:b1:b4:bd:14:67:e6:0c:e8:8a:34: 60:0e:d8:cf:b2:0a:c6:30:88:65:cb:8f:bb:2a:70:85 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Key ID: 12:7a:f6:41:4b:b3:c2:ba:a9:0d:37:5b:19:e5:57:ec: d7:67:72:27 Name: Authority Information Access Method: PKIX Online Certificate Status Protocol Location: URI: "http://ipa-ca.example.com/ca/ocsp" Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Name: CRL Distribution Points Distribution point: URI: "http://ipa-ca.example.com/ipa/crl/MasterCRL.bin" CRL issuer: Directory Name: "CN=Certificate Authority,O=ipaca" Name: Certificate Subject Key ID Data: fa:52:5e:ea:0c:bc:40:ab:43:a3:41:66:89:d0:41:f8: 63:f6:94:ab Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 14:a3:13:d9:48:62:e1:ab:20:9c:06:3f:ba:a0:7c:6c: c2:97:8a:ca:19:1f:23:34:98:2c:70:a2:a8:06:39:55: b7:03:71:ce:d5:ee:41:31:df:df:9c:58:cc:b4:86:1c: 29:7a:30:8f:14:0f:c2:5b:37:f5:94:82:78:f6:34:b5: cf:7e:9b:78:a3:11:ae:a6:6f:44:7a:a7:5c:cd:1c:72: d7:0e:ea:0c:a0:74:11:71:ef:ef:7e:e6:12:a2:97:42: d0:22:82:c5:f8:d0:07:df:52:44:aa:5d:28:a2:a1:9a: a4:2e:95:8d:de:db:75:db:71:d5:e3:99:0d:36:0b:f8: 99:86:75:24:c7:ea:82:e9:e0:c1:7f:03:00:68:96:13: 3f:c2:0f:f4:de:e7:62:26:d9:1a:77:87:97:ec:b4:28: bd:ec:23:3b:99:cf:06:bf:19:84:9d:5c:02:b0:3a:11: 86:0a:74:f3:73:24:0f:7f:de:8c:b1:fa:29:84:b4:e9: 7a:a7:62:9c:94:b4:81:30:40:8a:c3:ba:97:c6:9b:76: 5d:98:bf:fa:10:20:8e:4d:f6:90:66:d6:3f:33:b8:8a: 02:cb:76:d9:14:c5:40:14:c0:cb:4f:98:16:9d:4c:b7: fa:d6:2c:30:b8:d1:61:3e:c2:06:86:04:7a:0d:21:71 Fingerprint (MD5): 0B:C9:2A:B9:F9:CB:8D:0B:EB:4B:FA:93:17:F4:E0:ED Fingerprint (SHA1): 25:78:C7:AC:F4:25:AA:5F:64:7C:B8:10:83:46:51:EC:D9:94:B0:B1 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ipa-getcert start-tracking -d /etc/dirsrv/slapd-EXAMPLE-COM -n Server-Cert -p /etc/dirsrv/slapd-EXAMPLE-COM/pwdfile.txt -C /usr/lib64/ipa/certmonger/restart_dirsrv EXAMPLE-COM ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=New tracking request "20140402204959" added. ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl stop certmonger.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L -n Server-Cert -a ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=-----BEGIN CERTIFICATE----- MIIEOjCCAyKgAwIBAgIBczANBgkqhkiG9w0BAQsFADA+MRwwGgYDVQQKExNCVVRU RVJGTFlORVRJTkMuQ09NMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw HhcNMTQwNDAxMjAyNzUyWhcNMTYwNDAxMjAyNzUyWjBFMRwwGgYDVQQKExNCVVRU RVJGTFlORVRJTkMuQ09NMSUwIwYDVQQDExxjaHJvbm9zMy5idXR0ZXJmbHluZXRp bmMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxz3sUUMB7UDc G8Qopxg/hAk8r9s4nGfpw5MVcnhsQs5rVWhhv9CA8+QVGuqyGsii9b4MT916urfJ yBiGE+5zG0qhhOOQxmjkxoyHFpobTkWM6b5pehWDJilaIa2p193n/LKD51RiVuDU SbEQHCITEXM9dUVhBAYxf1zEzQzJ4AX/OmPLeDqYX+H+m0m0NFK+wqnGnMGBeyv0 kFBckBHbUhRg2uxlb05y4FDXSyCVehAfvhieE3Ssah4IJfTOD5goYFDvDcfTI3OQ URWLWnoP1nabJgZ0me+5oU0HK6/rCvyGhR1cknextL0UZ+YM6Io0YA7Yz7IKxjCI ZcuPuypwhQIDAQABo4IBOjCCATYwHwYDVR0jBBgwFoAUEnr2QUuzwrqpDTdbGeVX 7NdncicwRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vaXBhLWNh LmJ1dHRlcmZseW5ldGluYy5jb20vY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMH4GA1UdHwR3MHUwc6A7oDmGN2h0 dHA6Ly9pcGEtY2EuYnV0dGVyZmx5bmV0aW5jLmNvbS9pcGEvY3JsL01hc3RlckNS TC5iaW6iNKQyMDAxDjAMBgNVBAoTBWlwYWNhMR4wHAYDVQQDExVDZXJ0aWZpY2F0 ZSBBdXRob3JpdHkwHQYDVR0OBBYEFPpSXuoMvECrQ6NBZonQQfhj9pSrMA0GCSqG SIb3DQEBCwUAA4IBAQAUoxPZSGLhqyCcBj+6oHxswpeKyhkfIzSYLHCiqAY5VbcD cc7V7kEx39+cWMy0hhwpejCPFA/CWzf1lIJ49jS1z36beKMRrqZvRHqnXM0cctcO 6gygdBFx7+9+5hKil0LQIoLF+NAH31JEql0ooqGapC6Vjd7bddtx1eOZDTYL+JmG dSTH6oLp4MF/AwBolhM/wg/03udiJtkad4eX7LQovewjO5nPBr8ZhJ1cArA6EYYK dPNzJA9/3oyx+imEtOl6p2KclLSBMECKw7qXxpt2XZi/+hAgjk32kGbWPzO4igLL dtkUxUAUwMtPmBadTLf61iwwuNFhPsIGhgR6DSFx -----END CERTIFICATE----- ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl start certmonger.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl is-active certmonger.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldap://ipa2.example.com:389 from SchemaCache ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldap://ipa2.example.com:389 conn= ipa : DEBUG duration: 10 seconds ipa : DEBUG [18/34]: configuring certmap.conf [18/34]: configuring certmap.conf ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' ipa : DEBUG duration: 0 seconds ipa : DEBUG [19/34]: configure autobind for root [19/34]: configure autobind for root ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/root-autobind.ldif -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmpzb6zKB ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectClass: extensibleObject top add cn: root-autobind add uidNumber: 0 add gidNumber: 0 adding new entry "cn=root-autobind,cn=config" modify complete replace nsslapd-ldapiautobind: on modifying entry "cn=config" modify complete replace nsslapd-ldapimaptoentries: on modifying entry "cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [20/34]: configure new location for managed entries [20/34]: configure new location for managed entries ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpb6Uy_z -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmpUMIc_m ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add nsslapd-pluginConfigArea: cn=Definitions,cn=Managed Entries,cn=etc,dc=example,dc=com modifying entry "cn=Managed Entries,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [21/34]: configure dirsrv ccache [21/34]: configure dirsrv ccache ipa : DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' ipa : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG Starting external process ipa : DEBUG args=/usr/sbin/selinuxenabled ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/usr/sbin/restorecon /etc/sysconfig/dirsrv ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG duration: 0 seconds ipa : DEBUG [22/34]: enable SASL mapping fallback [22/34]: enable SASL mapping fallback ipa : DEBUG Starting external process ipa : DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpa8svse -H ldap://ipa2.example.com:389 -x -D cn=Directory Manager -y /tmp/tmpBayUy6 ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=replace nsslapd-sasl-mapping-fallback: on modifying entry "cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://ipa2.example.com:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [23/34]: restarting directory server [23/34]: restarting directory server ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl --system daemon-reload ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl restart dirsrv@EXAMPLE-COM.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl is-active dirsrv@EXAMPLE-COM.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG wait_for_open_ports: localhost [389] timeout 300 ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl is-active dirsrv@EXAMPLE-COM.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG duration: 2 seconds ipa : DEBUG [24/34]: setting up initial replication [24/34]: setting up initial replication ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl --system daemon-reload ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl restart dirsrv@EXAMPLE-COM.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args=/bin/systemctl is-active dirsrv@EXAMPLE-COM.service ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG wait_for_open_ports: localhost [389] timeout 300 ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldap://ipa.example.com:389 from SchemaCache ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldap://ipa.example.com:389 conn= ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldaps://ipa2.example.com:636 from SchemaCache ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldaps://ipa2.example.com:636 conn= Starting replication, please wait until this has completed. Update in progress, 1 seconds elapsed Update in progress, 2 seconds elapsed Update in progress, 3 seconds elapsedipa : DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 638, in run_script return_value = main_function() File "/sbin/ipa-replica-install", line 663, in main ds = install_replica_ds(config) File "/sbin/ipa-replica-install", line 188, in install_replica_ds ca_file=config.dir + "/ca.crt", File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 360, in create_replica self.start_creation(runtime=60) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 364, in start_creation method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 373, in __setup_replica r_bindpw=self.dm_password) File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 961, in setup_replication raise RuntimeError("Failed to start replication") ipa : DEBUG The ipa-replica-install command failed, exception: RuntimeError: Failed to start replication Failed to start replication [ipa.example.com] reports: Update failed! Status: [-1 Total update abortedLDAP error: Can't contact LDAP server] Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up.