freeipa

Clone
Source Code
GIT

#8119 Install fails version 4.6.5 CentOS or Fedora
Closed: insufficientinfo 4 years ago by cheimes. Opened 4 years ago by shawninco.

Closed: insufficientinfo
Reopen Issue

Request for enhancement

Issue

I'm new to freeipa. I receive an ipaldap.py error at end of installation. Assistance would be appreciated, Thank you

Steps to Reproduce

Default install or install without CA

Actual behavior

Install fails.

Expected behavior

Success

Version/Release/Distribution

$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server

freeipa 4.6.5

Additional info:

Any additional information, configuration, data or log snippets that is needed for reproduction or investigation of the issue.

2019-11-15T02:47:33Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, in run
return cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 360, in run
return self.execute()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 386, in execute
for rval in self._executor():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 655, in _configure
next(executor)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 515, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 65, in _install
for unused in self._installer(self.parent):
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/init.py", line 590, in main
master_install(self)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 250, in decorated
func(installer)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 783, in install
setup_pkinit=not options.no_pkinit)
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 345, in create_instance
self.start_creation(runtime=30)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 567, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 557, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 712, in init_memberof
replication.wait_for_task(conn, dn)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 171, in wait_for_task
entry = conn.get_entry(dn, attrlist)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1565, in get_entry
size_limit=size_limit, get_effective_rights=get_effective_rights,
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1377, in get_entries
*kwargs)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1515, in find_entries
break
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1026, in error_handler
raise errors.NotFound(reason=arg_desc or 'no such entry')

2019-11-15T02:47:33Z DEBUG The ipa-server-install command failed, exception: NotFound: no such entry
2019-11-15T02:47:33Z ERROR no such entry
2019-11-15T02:47:33Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

Log file locations: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/config-files-logs.html
Troubleshooting guide: https://www.freeipa.org/page/Troubleshooting

You say CentOS or Fedora? What do you mean? What version of Fedora?

When you say install without a CA what do you mean?

Please attach the full ipaserver-install.log

Thank you for your response.

You say CentOS or Fedora? What do you mean? What version of Fedora?

  1. I initially tried with the latest Fedora but when ran into similar issues quickly moved to CentOS. Unfortunately I did not catch the Fedora version but it was certainly released within the last week.

  2. I'm now concentrating efforts with CentOS version 7.x.

When you say install without a CA what do you mean?

  1. I tried both the default "ipa-server-install" and "ipa-server-install--ca-cert-file" methods. The second being my ultimate goal. I've attached the full log.

2019-11-15T02:30:40Z DEBUG Logging to /var/log/ipaserver-install.log
2019-11-15T02:30:40Z DEBUG ipa-server-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'ignore_topology_disconnect': False, 'verbose': False, 'domain_level': None, 'ip_addresses': None, 'secondary_rid_base': None, 'netbios_name': None, 'mkhomedir': False, 'http_cert_files': None, 'zonemgr': None, 'no_pkinit': False, 'reverse_zones': None, 'no_forwarders': False, 'external_ca_profile': None, 'external_ca_type': None, 'no_ntp': False, 'no_msdcs': False, 'setup_kra': False, 'domain_name': None, 'idmax': None, 'setup_adtrust': False, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': False, 'ca_signing_algorithm': None, 'no_reverse': False, 'ssh_trust_dns': False, 'pkinit_cert_files': None, 'ca_cert_files': ['/root/openssh/PKI/cacert.pem'], 'subject_base': None, 'auto_reverse': False, 'auto_forwarders': False, 'no_host_dns': False, 'no_sshd': False, 'no_ui_redirect': False, 'ignore_last_of_role': False, 'realm_name': None, 'forwarders': None, 'idstart': None, 'external_ca': False, 'pkinit_cert_name': None, 'no_ssh': False, 'external_cert_files': None, 'enable_compat': False, 'no_hbac_allow': False, 'forward_policy': None, 'dirsrv_cert_name': None, 'unattended': False, 'rid_base': None, 'quiet': False, 'setup_dns': False, 'ca_subject': None, 'host_name': None, 'dirsrv_config_file': None, 'log_file': None, 'allow_zone_overlap': False, 'uninstall': False}
2019-11-15T02:30:40Z DEBUG IPA version 4.6.5-11.el7.centos.3
2019-11-15T02:30:40Z DEBUG Searching for an interface of IP address: ::1
2019-11-15T02:30:40Z DEBUG Testing local IP address: ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff (interface: lo)
2019-11-15T02:30:40Z DEBUG Starting external process
2019-11-15T02:30:40Z DEBUG args=/usr/sbin/selinuxenabled
2019-11-15T02:30:40Z DEBUG Process finished, return code=0
2019-11-15T02:30:40Z DEBUG stdout=
2019-11-15T02:30:40Z DEBUG stderr=
2019-11-15T02:30:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-15T02:30:40Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2019-11-15T02:30:40Z DEBUG httpd is not configured
2019-11-15T02:30:40Z DEBUG kadmin is not configured
2019-11-15T02:30:40Z DEBUG dirsrv is not configured
2019-11-15T02:30:40Z DEBUG pki-tomcatd is not configured
2019-11-15T02:30:40Z DEBUG install is not configured
2019-11-15T02:30:40Z DEBUG krb5kdc is not configured
2019-11-15T02:30:40Z DEBUG ntpd is not configured
2019-11-15T02:30:40Z DEBUG named is not configured
2019-11-15T02:30:40Z DEBUG filestore is tracking no files
2019-11-15T02:30:40Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2019-11-15T02:30:40Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2019-11-15T02:30:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-15T02:30:40Z DEBUG Starting external process
2019-11-15T02:30:40Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2019-11-15T02:30:40Z DEBUG Process finished, return code=0
2019-11-15T02:30:40Z DEBUG stdout=enabled

2019-11-15T02:30:40Z DEBUG stderr=
2019-11-15T02:30:40Z DEBUG Starting external process
2019-11-15T02:30:40Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
2019-11-15T02:31:10Z DEBUG Process finished, return code=0
2019-11-15T02:31:10Z DEBUG stdout=VirtualHost configuration:
*:8443 ipa.testipa.lan (/etc/httpd/conf.d/nss.conf:81)

2019-11-15T02:31:10Z DEBUG stderr=
2019-11-15T02:32:20Z DEBUG Check if ipa.testipa.lan is a primary hostname for localhost
2019-11-15T02:32:50Z DEBUG Primary hostname for localhost: ipa.testipa.lan
2019-11-15T02:32:50Z DEBUG Search DNS for ipa.testipa.lan
2019-11-15T02:33:10Z DEBUG Check if ipa.testipa.lan is not a CNAME
2019-11-15T02:33:40Z DEBUG Check reverse address of 192.168.1.99
2019-11-15T02:33:50Z DEBUG Found reverse name: ipa.testipa.lan
2019-11-15T02:33:50Z DEBUG Check reverse address of 192.168.122.1
2019-11-15T02:34:00Z DEBUG Found reverse name: ipa.testipa.lan
2019-11-15T02:34:00Z DEBUG Check reverse address of fe80::eb3c:14b1:2be1:3205%enp0s3
2019-11-15T02:34:10Z DEBUG Found reverse name: ipa.testipa.lan
2019-11-15T02:34:10Z DEBUG will use host_name: ipa.testipa.lan

2019-11-15T02:34:31Z DEBUG read domain_name: testipa.lan

2019-11-15T02:34:39Z DEBUG read realm_name: TESTIPA.LAN

2019-11-15T02:35:00Z DEBUG importing all plugin modules in ipaserver.plugins...
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.aci
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.automember
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.automount
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.baseldap
2019-11-15T02:35:00Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.baseuser
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.batch
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.ca
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.caacl
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.cert
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.certmap
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.certprofile
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.config
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.delegation
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.dns
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.dnsserver
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.dogtag
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.domainlevel
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.group
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.hbac
2019-11-15T02:35:00Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.hbacrule
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.hbactest
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.host
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.hostgroup
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.idrange
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.idviews
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.internal
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.join
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.ldap2
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.location
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.migration
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.misc
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.netgroup
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.otp
2019-11-15T02:35:00Z DEBUG ipaserver.plugins.otp is not a valid plugin module
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.otpconfig
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.otptoken
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.passwd
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.permission
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.ping
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.pkinit
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.privilege
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.rabase
2019-11-15T02:35:00Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.realmdomains
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.role
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.schema
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.selfservice
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.server
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.serverrole
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.serverroles
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.service
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.session
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.stageuser
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.sudo
2019-11-15T02:35:00Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.sudocmd
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.sudorule
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.topology
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.trust
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.user
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.vault
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.virtual
2019-11-15T02:35:00Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.whoami
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.plugins.xmlserver
2019-11-15T02:35:00Z DEBUG importing all plugin modules in ipaserver.install.plugins...
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.dns
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.update_services
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
2019-11-15T02:35:00Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
2019-11-15T02:35:21Z DEBUG Name ipa.testipa.lan resolved to set([UnsafeIPAddress('192.168.122.1'), UnsafeIPAddress('192.168.1.99'), UnsafeIPAddress('fe80::eb3c:14b1:2be1:3205')])
2019-11-15T02:35:21Z WARNING Invalid IP address fe80::eb3c:14b1:2be1:3205 for ipa.testipa.lan: cannot use link-local IP address fe80::eb3c:14b1:2be1:3205
2019-11-15T02:35:21Z DEBUG Searching for an interface of IP address: 192.168.122.1
2019-11-15T02:35:21Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo)
2019-11-15T02:35:21Z DEBUG Testing local IP address: 192.168.1.99/255.255.255.0 (interface: enp0s3)
2019-11-15T02:35:21Z DEBUG Testing local IP address: 192.168.122.1/255.255.255.0 (interface: virbr0)
2019-11-15T02:35:21Z DEBUG Searching for an interface of IP address: 192.168.1.99
2019-11-15T02:35:21Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo)
2019-11-15T02:35:21Z DEBUG Testing local IP address: 192.168.1.99/255.255.255.0 (interface: enp0s3)
2019-11-15T02:36:01Z DEBUG Starting external process
2019-11-15T02:36:01Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2019-11-15T02:36:01Z DEBUG Process finished, return code=0
2019-11-15T02:36:01Z DEBUG stdout=enabled

2019-11-15T02:36:01Z DEBUG stderr=
2019-11-15T02:36:01Z DEBUG Starting external process
2019-11-15T02:36:01Z DEBUG args=/bin/systemctl is-active chronyd.service
2019-11-15T02:36:01Z DEBUG Process finished, return code=0
2019-11-15T02:36:01Z DEBUG stdout=active

2019-11-15T02:36:01Z DEBUG stderr=
2019-11-15T02:36:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-15T02:36:01Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-15T02:36:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-15T02:36:01Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-15T02:36:01Z DEBUG Starting external process
2019-11-15T02:36:01Z DEBUG args=/bin/systemctl stop chronyd.service
2019-11-15T02:36:01Z DEBUG Process finished, return code=0
2019-11-15T02:36:01Z DEBUG stdout=
2019-11-15T02:36:01Z DEBUG stderr=
2019-11-15T02:36:01Z DEBUG Stop of chronyd.service complete
2019-11-15T02:36:01Z DEBUG Starting external process
2019-11-15T02:36:01Z DEBUG args=/bin/systemctl disable chronyd.service
2019-11-15T02:36:02Z DEBUG Process finished, return code=0
2019-11-15T02:36:02Z DEBUG stdout=
2019-11-15T02:36:02Z DEBUG stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/chronyd.service.

2019-11-15T02:36:02Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-15T02:36:02Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2019-11-15T02:36:02Z DEBUG Configuring NTP daemon (ntpd)
2019-11-15T02:36:02Z DEBUG [1/4]: stopping ntpd
2019-11-15T02:36:02Z DEBUG Starting external process
2019-11-15T02:36:02Z DEBUG args=/bin/systemctl is-active ntpd.service
2019-11-15T02:36:02Z DEBUG Process finished, return code=3
2019-11-15T02:36:02Z DEBUG stdout=inactive

2019-11-15T02:36:02Z DEBUG stderr=
2019-11-15T02:36:02Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-15T02:36:02Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-15T02:36:02Z DEBUG Starting external process
2019-11-15T02:36:02Z DEBUG args=/bin/systemctl stop ntpd.service
2019-11-15T02:36:02Z DEBUG Process finished, return code=0
2019-11-15T02:36:02Z DEBUG stdout=
2019-11-15T02:36:02Z DEBUG stderr=
2019-11-15T02:36:02Z DEBUG Stop of ntpd.service complete
2019-11-15T02:36:02Z DEBUG duration: 0 seconds
2019-11-15T02:36:02Z DEBUG [2/4]: writing configuration
2019-11-15T02:36:02Z DEBUG Backing up system configuration file '/etc/ntp.conf'
2019-11-15T02:36:02Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2019-11-15T02:36:02Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd'
2019-11-15T02:36:02Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2019-11-15T02:36:02Z DEBUG duration: 0 seconds
2019-11-15T02:36:02Z DEBUG [3/4]: configuring ntpd to start on boot
2019-11-15T02:36:02Z DEBUG Starting external process
2019-11-15T02:36:02Z DEBUG args=/bin/systemctl is-enabled ntpd.service
2019-11-15T02:36:02Z DEBUG Process finished, return code=1
2019-11-15T02:36:02Z DEBUG stdout=disabled

2019-11-15T02:36:02Z DEBUG stderr=
2019-11-15T02:36:02Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-15T02:36:02Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-15T02:36:02Z DEBUG Starting external process
2019-11-15T02:36:02Z DEBUG args=/bin/systemctl enable ntpd.service
2019-11-15T02:36:02Z DEBUG Process finished, return code=0
2019-11-15T02:36:02Z DEBUG stdout=
2019-11-15T02:36:02Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

2019-11-15T02:36:02Z DEBUG duration: 0 seconds
2019-11-15T02:36:02Z DEBUG [4/4]: starting ntpd
2019-11-15T02:36:02Z DEBUG Starting external process
2019-11-15T02:36:02Z DEBUG args=/bin/systemctl start ntpd.service
2019-11-15T02:36:02Z DEBUG Process finished, return code=0
2019-11-15T02:36:02Z DEBUG stdout=
2019-11-15T02:36:02Z DEBUG stderr=
2019-11-15T02:36:02Z DEBUG Starting external process
2019-11-15T02:36:02Z DEBUG args=/bin/systemctl is-active ntpd.service
2019-11-15T02:36:02Z DEBUG Process finished, return code=0
2019-11-15T02:36:02Z DEBUG stdout=active

2019-11-15T02:36:02Z DEBUG stderr=
2019-11-15T02:36:02Z DEBUG Start of ntpd.service complete
2019-11-15T02:36:02Z DEBUG duration: 0 seconds
2019-11-15T02:36:02Z DEBUG Done configuring NTP daemon (ntpd).
2019-11-15T02:36:02Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-15T02:36:02Z DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds
2019-11-15T02:36:02Z DEBUG [1/44]: creating directory server instance
2019-11-15T02:36:02Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-15T02:36:02Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-15T02:36:02Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv'
2019-11-15T02:36:02Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2019-11-15T02:36:02Z DEBUG
dn: dc=testipa,dc=lan
objectClass: top
objectClass: domain
objectClass: pilotObject
dc: testipa
info: IPA V2.0

2019-11-15T02:36:02Z DEBUG writing inf template
2019-11-15T02:36:02Z DEBUG
[General]
FullMachineName= ipa.testipa.lan
SuiteSpotUserID= dirsrv
SuiteSpotGroup= dirsrv
ServerRoot= /usr/lib64/dirsrv
[slapd]
ServerPort= 389
ServerIdentifier= TESTIPA-LAN
Suffix= dc=testipa,dc=lan
RootDN= cn=Directory Manager
InstallLdifFile= /var/lib/dirsrv/boot.ldif
inst_dir= /var/lib/dirsrv/scripts-TESTIPA-LAN

2019-11-15T02:36:02Z DEBUG calling setup-ds.pl
2019-11-15T02:36:02Z DEBUG Starting external process
2019-11-15T02:36:02Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmptuLuoG
2019-11-15T02:36:37Z DEBUG Process finished, return code=0
2019-11-15T02:36:37Z DEBUG stdout=[19/11/14:21:36:37] - [Setup] Info Your new DS instance 'TESTIPA-LAN' was successfully created.
Your new DS instance 'TESTIPA-LAN' was successfully created.
[19/11/14:21:36:37] - [Setup] Success Exiting . . .
Log file is '-'

Exiting . . .
Log file is '-'

2019-11-15T02:36:37Z DEBUG stderr=
2019-11-15T02:36:37Z DEBUG completed creating DS instance
2019-11-15T02:36:37Z DEBUG duration: 35 seconds
2019-11-15T02:36:37Z DEBUG [2/44]: enabling ldapi
2019-11-15T02:36:37Z DEBUG Starting external process
2019-11-15T02:36:37Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpt3Chhs -H ldap://localhost -x -D cn=Directory Manager -y /tmp/tmpaDAKnF
2019-11-15T02:36:58Z DEBUG Process finished, return code=0
2019-11-15T02:36:58Z DEBUG stdout=replace nsslapd-ldapilisten:
on
modifying entry "cn=config"
modify complete

2019-11-15T02:36:58Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base )

2019-11-15T02:36:58Z DEBUG duration: 20 seconds
2019-11-15T02:36:58Z DEBUG [3/44]: configure autobind for root
2019-11-15T02:36:58Z DEBUG Starting external process
2019-11-15T02:36:58Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/root-autobind.ldif -H ldap://localhost -x -D cn=Directory Manager -y /tmp/tmpo__XKc
2019-11-15T02:37:18Z DEBUG Process finished, return code=0
2019-11-15T02:37:18Z DEBUG stdout=add objectClass:
extensibleObject
top
add cn:
root-autobind
add uidNumber:
0
add gidNumber:
0
adding new entry "cn=root-autobind,cn=config"
modify complete

replace nsslapd-ldapiautobind:
on
modifying entry "cn=config"
modify complete

replace nsslapd-ldapimaptoentries:
on
modifying entry "cn=config"
modify complete

2019-11-15T02:37:18Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base )

2019-11-15T02:37:18Z DEBUG duration: 20 seconds
2019-11-15T02:37:18Z DEBUG [4/44]: stopping directory server
2019-11-15T02:37:18Z DEBUG Starting external process
2019-11-15T02:37:18Z DEBUG args=/bin/systemctl stop dirsrv@TESTIPA-LAN.service
2019-11-15T02:37:20Z DEBUG Process finished, return code=0
2019-11-15T02:37:20Z DEBUG stdout=
2019-11-15T02:37:20Z DEBUG stderr=
2019-11-15T02:37:20Z DEBUG Stop of dirsrv@TESTIPA-LAN.service complete
2019-11-15T02:37:20Z DEBUG duration: 2 seconds
2019-11-15T02:37:20Z DEBUG [5/44]: updating configuration in dse.ldif
2019-11-15T02:37:20Z DEBUG Starting external process
2019-11-15T02:37:20Z DEBUG args=/usr/sbin/selinuxenabled
2019-11-15T02:37:20Z DEBUG Process finished, return code=0
2019-11-15T02:37:20Z DEBUG stdout=
2019-11-15T02:37:20Z DEBUG stderr=
2019-11-15T02:37:20Z DEBUG Starting external process
2019-11-15T02:37:20Z DEBUG args=/sbin/restorecon /etc/dirsrv/slapd-TESTIPA-LAN/dse.ldif
2019-11-15T02:37:20Z DEBUG Process finished, return code=0
2019-11-15T02:37:20Z DEBUG stdout=
2019-11-15T02:37:20Z DEBUG stderr=
2019-11-15T02:37:20Z DEBUG duration: 0 seconds
2019-11-15T02:37:20Z DEBUG [6/44]: starting directory server
2019-11-15T02:37:20Z DEBUG Starting external process
2019-11-15T02:37:20Z DEBUG args=/bin/systemctl start dirsrv@TESTIPA-LAN.service
2019-11-15T02:37:24Z DEBUG Process finished, return code=0
2019-11-15T02:37:24Z DEBUG stdout=
2019-11-15T02:37:24Z DEBUG stderr=
2019-11-15T02:37:24Z DEBUG Starting external process
2019-11-15T02:37:24Z DEBUG args=/bin/systemctl is-active dirsrv@TESTIPA-LAN.service
2019-11-15T02:37:24Z DEBUG Process finished, return code=0
2019-11-15T02:37:24Z DEBUG stdout=active

2019-11-15T02:37:24Z DEBUG stderr=
2019-11-15T02:37:24Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2019-11-15T02:37:24Z DEBUG waiting for port: 389
2019-11-15T02:37:24Z DEBUG SUCCESS: port: 389
2019-11-15T02:37:24Z DEBUG Start of dirsrv@TESTIPA-LAN.service complete
2019-11-15T02:37:44Z DEBUG Created connection context.ldap2_140092996027088
2019-11-15T02:37:44Z DEBUG duration: 23 seconds
2019-11-15T02:37:44Z DEBUG [7/44]: adding default schema
2019-11-15T02:37:44Z DEBUG duration: 0 seconds
2019-11-15T02:37:44Z DEBUG [8/44]: enabling memberof plugin
2019-11-15T02:37:44Z DEBUG Starting external process
2019-11-15T02:37:44Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/memberof-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:38:04Z DEBUG Process finished, return code=0
2019-11-15T02:38:04Z DEBUG stdout=replace nsslapd-pluginenabled:
on
add memberofgroupattr:
memberUser
add memberofgroupattr:
memberHost
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"
modify complete

2019-11-15T02:38:04Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:38:04Z DEBUG duration: 20 seconds
2019-11-15T02:38:04Z DEBUG [9/44]: enabling winsync plugin
2019-11-15T02:38:04Z DEBUG Starting external process
2019-11-15T02:38:04Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-winsync-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:38:24Z DEBUG Process finished, return code=0
2019-11-15T02:38:24Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
ipa-winsync
add nsslapd-pluginpath:
libipa_winsync
add nsslapd-plugininitfunc:
ipa_winsync_plugin_init
add nsslapd-pluginDescription:
Allows IPA to work with the DS windows sync feature
add nsslapd-pluginid:
ipa-winsync
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat
add nsslapd-plugintype:
preoperation
add nsslapd-pluginenabled:
on
add nsslapd-plugin-depends-on-type:
database
add ipaWinSyncRealmFilter:
(objectclass=krbRealmContainer)
add ipaWinSyncRealmAttr:
cn
add ipaWinSyncNewEntryFilter:
(cn=ipaConfig)
add ipaWinSyncNewUserOCAttr:
ipauserobjectclasses
add ipaWinSyncUserFlatten:
true
add ipaWinsyncHomeDirAttr:
ipaHomesRootDir
add ipaWinsyncLoginShellAttr:
ipaDefaultLoginShell
add ipaWinSyncDefaultGroupAttr:
ipaDefaultPrimaryGroup
add ipaWinSyncDefaultGroupFilter:
(gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
add ipaWinSyncAcctDisable:
both
add ipaWinSyncForceSync:
true
add ipaWinSyncUserAttr:
uidNumber -1
gidNumber -1
adding new entry "cn=ipa-winsync,cn=plugins,cn=config"
modify complete

2019-11-15T02:38:24Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:38:24Z DEBUG duration: 20 seconds
2019-11-15T02:38:24Z DEBUG [10/44]: configuring replication version plugin
2019-11-15T02:38:24Z DEBUG Starting external process
2019-11-15T02:38:24Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/version-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:38:44Z DEBUG Process finished, return code=0
2019-11-15T02:38:44Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA Version Replication
add nsslapd-pluginpath:
libipa_repl_version
add nsslapd-plugininitfunc:
repl_version_plugin_init
add nsslapd-plugintype:
preoperation
add nsslapd-pluginenabled:
off
add nsslapd-pluginid:
ipa_repl_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA Replication version plugin
add nsslapd-plugin-depends-on-type:
database
add nsslapd-plugin-depends-on-named:
Multimaster Replication Plugin
adding new entry "cn=IPA Version Replication,cn=plugins,cn=config"
modify complete

2019-11-15T02:38:44Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:38:44Z DEBUG duration: 20 seconds
2019-11-15T02:38:44Z DEBUG [11/44]: enabling IPA enrollment plugin
2019-11-15T02:38:44Z DEBUG Starting external process
2019-11-15T02:38:44Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpcq3Ldq -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:39:04Z DEBUG Process finished, return code=0
2019-11-15T02:39:04Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
ipa_enrollment_extop
add nsslapd-pluginpath:
libipa_enrollment_extop
add nsslapd-plugininitfunc:
ipaenrollment_init
add nsslapd-plugintype:
extendedop
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipa_enrollment_extop
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
RedHat
add nsslapd-plugindescription:
Enroll hosts into the IPA domain
add nsslapd-plugin-depends-on-type:
database
add nsslapd-realmTree:
dc=testipa,dc=lan
adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config"
modify complete

2019-11-15T02:39:04Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:39:04Z DEBUG duration: 20 seconds
2019-11-15T02:39:04Z DEBUG [12/44]: configuring uniqueness plugin
2019-11-15T02:39:04Z DEBUG Starting external process
2019-11-15T02:39:04Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp12jWfZ -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:39:24Z DEBUG Process finished, return code=0
2019-11-15T02:39:24Z DEBUG stdout=add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
krbPrincipalName uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
krbPrincipalName
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
add uniqueness-subtrees:
dc=testipa,dc=lan
add uniqueness-exclude-subtrees:
cn=staged users,cn=accounts,cn=provisioning,dc=testipa,dc=lan
add uniqueness-across-all-subtrees:
on
adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
krbCanonicalName uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
krbCanonicalName
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
add uniqueness-subtrees:
dc=testipa,dc=lan
add uniqueness-exclude-subtrees:
cn=staged users,cn=accounts,cn=provisioning,dc=testipa,dc=lan
add uniqueness-across-all-subtrees:
on
adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
netgroup uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
cn
add uniqueness-subtrees:
cn=ng,cn=alt,dc=testipa,dc=lan
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
ipaUniqueID uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
ipaUniqueID
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
add uniqueness-subtrees:
dc=testipa,dc=lan
add uniqueness-exclude-subtrees:
cn=staged users,cn=accounts,cn=provisioning,dc=testipa,dc=lan
add uniqueness-across-all-subtrees:
on
adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
sudorule name uniqueness
add nsslapd-pluginDescription:
Enforce unique attribute values
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
cn
add uniqueness-subtrees:
cn=sudorules,cn=sudo,dc=testipa,dc=lan
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config"
modify complete

2019-11-15T02:39:24Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:39:24Z DEBUG duration: 20 seconds
2019-11-15T02:39:24Z DEBUG [13/44]: configuring uuid plugin
2019-11-15T02:39:24Z DEBUG Starting external process
2019-11-15T02:39:24Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/uuid-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:39:44Z DEBUG Process finished, return code=0
2019-11-15T02:39:44Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA UUID
add nsslapd-pluginpath:
libipa_uuid
add nsslapd-plugininitfunc:
ipauuid_init
add nsslapd-plugintype:
preoperation
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipauuid_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA UUID plugin
add nsslapd-plugin-depends-on-type:
database
adding new entry "cn=IPA UUID,cn=plugins,cn=config"
modify complete

2019-11-15T02:39:44Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:39:44Z DEBUG Starting external process
2019-11-15T02:39:44Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpByM2ad -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:40:04Z DEBUG Process finished, return code=0
2019-11-15T02:40:04Z DEBUG stdout=add objectclass:
top
extensibleObject
add cn:
IPA Unique IDs
add ipaUuidAttr:
ipaUniqueID
add ipaUuidMagicRegen:
autogenerate
add ipaUuidFilter:
(|(objectclass=ipaObject)(objectclass=ipaAssociation))
add ipaUuidScope:
dc=testipa,dc=lan
add ipaUuidEnforce:
TRUE
adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete

add objectclass:
top
extensibleObject
add cn:
IPK11 Unique IDs
add ipaUuidAttr:
ipk11UniqueID
add ipaUuidMagicRegen:
autogenerate
add ipaUuidFilter:
(objectclass=ipk11Object)
add ipaUuidScope:
dc=testipa,dc=lan
add ipaUuidEnforce:
FALSE
adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete

2019-11-15T02:40:04Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:40:04Z DEBUG duration: 40 seconds
2019-11-15T02:40:04Z DEBUG [14/44]: configuring modrdn plugin
2019-11-15T02:40:04Z DEBUG Starting external process
2019-11-15T02:40:04Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/modrdn-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:40:24Z DEBUG Process finished, return code=0
2019-11-15T02:40:24Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA MODRDN
add nsslapd-pluginpath:
libipa_modrdn
add nsslapd-plugininitfunc:
ipamodrdn_init
add nsslapd-plugintype:
betxnpostoperation
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipamodrdn_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA MODRDN plugin
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginPrecedence:
60
adding new entry "cn=IPA MODRDN,cn=plugins,cn=config"
modify complete

2019-11-15T02:40:24Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:40:24Z DEBUG Starting external process
2019-11-15T02:40:24Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpyEbHPq -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:40:44Z DEBUG Process finished, return code=0
2019-11-15T02:40:44Z DEBUG stdout=add objectclass:
top
extensibleObject
add cn:
Kerberos Principal Name
add ipaModRDNsourceAttr:
uid
add ipaModRDNtargetAttr:
krbPrincipalName
add ipaModRDNsuffix:
@TESTIPA.LAN
add ipaModRDNfilter:
(&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
add ipaModRDNscope:
dc=testipa,dc=lan
adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config"
modify complete

add objectclass:
top
extensibleObject
add cn:
Kerberos Canonical Name
add ipaModRDNsourceAttr:
uid
add ipaModRDNtargetAttr:
krbCanonicalName
add ipaModRDNsuffix:
@TESTIPA.LAN
add ipaModRDNfilter:
(&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
add ipaModRDNscope:
dc=testipa,dc=lan
adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config"
modify complete

2019-11-15T02:40:44Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:40:44Z DEBUG duration: 40 seconds
2019-11-15T02:40:44Z DEBUG [15/44]: configuring DNS plugin
2019-11-15T02:40:44Z DEBUG Starting external process
2019-11-15T02:40:44Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-dns-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:41:04Z DEBUG Process finished, return code=0
2019-11-15T02:41:04Z DEBUG stdout=add objectclass:
top
nsslapdPlugin
extensibleObject
add cn:
IPA DNS
add nsslapd-plugindescription:
IPA DNS support plugin
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipa_dns
add nsslapd-plugininitfunc:
ipadns_init
add nsslapd-pluginpath:
libipa_dns.so
add nsslapd-plugintype:
preoperation
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-pluginversion:
1.0
add nsslapd-plugin-depends-on-type:
database
adding new entry "cn=IPA DNS,cn=plugins,cn=config"
modify complete

2019-11-15T02:41:04Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:41:04Z DEBUG duration: 20 seconds
2019-11-15T02:41:04Z DEBUG [16/44]: enabling entryUSN plugin
2019-11-15T02:41:04Z DEBUG Starting external process
2019-11-15T02:41:04Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/entryusn.ldif -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:41:25Z DEBUG Process finished, return code=0
2019-11-15T02:41:25Z DEBUG stdout=replace nsslapd-entryusn-global:
on
modifying entry "cn=config"
modify complete

replace nsslapd-entryusn-import-initval:
next
modifying entry "cn=config"
modify complete

replace nsslapd-pluginenabled:
on
modifying entry "cn=USN,cn=plugins,cn=config"
modify complete

2019-11-15T02:41:25Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:41:25Z DEBUG duration: 20 seconds
2019-11-15T02:41:25Z DEBUG [17/44]: configuring lockout plugin
2019-11-15T02:41:25Z DEBUG Starting external process
2019-11-15T02:41:25Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/lockout-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:41:45Z DEBUG Process finished, return code=0
2019-11-15T02:41:45Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA Lockout
add nsslapd-pluginpath:
libipa_lockout
add nsslapd-plugininitfunc:
ipalockout_init
add nsslapd-plugintype:
object
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipalockout_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA Lockout plugin
add nsslapd-plugin-depends-on-type:
database
adding new entry "cn=IPA Lockout,cn=plugins,cn=config"
modify complete

2019-11-15T02:41:45Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:41:45Z DEBUG duration: 20 seconds
2019-11-15T02:41:45Z DEBUG [18/44]: configuring topology plugin
2019-11-15T02:41:45Z DEBUG Starting external process
2019-11-15T02:41:45Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmplA6wUv -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:42:05Z DEBUG Process finished, return code=0
2019-11-15T02:42:05Z DEBUG stdout=add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA Topology Configuration
add nsslapd-pluginPath:
libtopology
add nsslapd-pluginInitfunc:
ipa_topo_init
add nsslapd-pluginType:
object
add nsslapd-pluginEnabled:
on
add nsslapd-topo-plugin-shared-config-base:
cn=ipa,cn=etc,dc=testipa,dc=lan
add nsslapd-topo-plugin-shared-replica-root:
dc=testipa,dc=lan
o=ipaca
add nsslapd-topo-plugin-shared-binddngroup:
cn=replication managers,cn=sysaccounts,cn=etc,dc=testipa,dc=lan
add nsslapd-topo-plugin-startup-delay:
20
add nsslapd-pluginId:
none
add nsslapd-plugin-depends-on-named:
ldbm database
Multimaster Replication Plugin
add nsslapd-pluginVersion:
1.0
add nsslapd-pluginVendor:
none
add nsslapd-pluginDescription:
none
adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config"
modify complete

2019-11-15T02:42:05Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:42:05Z DEBUG duration: 20 seconds
2019-11-15T02:42:05Z DEBUG [19/44]: creating indices
2019-11-15T02:42:05Z DEBUG Starting external process
2019-11-15T02:42:05Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/indices.ldif -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:42:25Z DEBUG Process finished, return code=0
2019-11-15T02:42:25Z DEBUG stdout=add objectClass:
top
nsIndex
add cn:
krbPrincipalName
add nsSystemIndex:
false
add nsIndexType:
eq
sub
add nsMatchingRule:
caseIgnoreIA5Match
caseExactIA5Match
adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
ou
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
carLicense
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
title
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
manager
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
secretary
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
displayname
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add nsIndexType:
sub
modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
uidnumber
add nsSystemIndex:
false
add nsIndexType:
eq
add nsMatchingRule:
integerOrderingMatch
adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
gidnumber
add nsSystemIndex:
false
add nsIndexType:
eq
add nsMatchingRule:
integerOrderingMatch
adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

replace nsIndexType:
eq
pres
modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

replace nsIndexType:
eq
pres
modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add ObjectClass:
top
nsIndex
add cn:
fqdn
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add ObjectClass:
top
nsIndex
add cn:
macAddress
add nsSystemIndex:
false
add nsIndexType:
eq
pres
adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
memberHost
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
memberUser
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
sourcehost
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
memberservice
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
managedby
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
memberallowcmd
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
memberdenycmd
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipasudorunas
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipasudorunasgroup
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
automountkey
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
automountMapName
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipaConfigString
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipaEnabledFlag
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipaKrbAuthzData
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipakrbprincipalalias
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipauniqueid
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipaMemberCa
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipaMemberCertProfile
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
userCertificate
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipalocation
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
krbCanonicalName
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
serverhostname
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
description
add objectClass:
top
nsindex
add nssystemindex:
false
add nsindextype:
eq
sub
adding new entry "cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
l
add objectClass:
top
nsindex
add nssystemindex:
false
add nsindextype:
eq
sub
adding new entry "cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
nsOsVersion
add objectClass:
top
nsindex
add nssystemindex:
false
add nsindextype:
eq
sub
adding new entry "cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
nsHardwarePlatform
add objectClass:
top
nsindex
add nssystemindex:
false
add nsindextype:
eq
sub
adding new entry "cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
nsHostLocation
add objectClass:
top
nsindex
add nssystemindex:
false
add nsindextype:
eq
sub
adding new entry "cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipServicePort
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
accessRuleType
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
hostCategory
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
idnsName
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

2019-11-15T02:42:25Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:42:25Z DEBUG duration: 20 seconds
2019-11-15T02:42:25Z DEBUG [20/44]: enabling referential integrity plugin
2019-11-15T02:42:25Z DEBUG Starting external process
2019-11-15T02:42:25Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/referint-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:42:45Z DEBUG Process finished, return code=0
2019-11-15T02:42:45Z DEBUG stdout=replace nsslapd-pluginenabled:
on
modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config"
modify complete

2019-11-15T02:42:45Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:42:45Z DEBUG duration: 20 seconds
2019-11-15T02:42:45Z DEBUG [21/44]: configuring certmap.conf
2019-11-15T02:42:45Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2019-11-15T02:42:45Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2019-11-15T02:42:45Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
2019-11-15T02:42:45Z DEBUG duration: 0 seconds
2019-11-15T02:42:45Z DEBUG [22/44]: configure new location for managed entries
2019-11-15T02:42:45Z DEBUG Starting external process
2019-11-15T02:42:45Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpFu0_1g -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:43:05Z DEBUG Process finished, return code=0
2019-11-15T02:43:05Z DEBUG stdout=add nsslapd-pluginConfigArea:
cn=Definitions,cn=Managed Entries,cn=etc,dc=testipa,dc=lan
modifying entry "cn=Managed Entries,cn=plugins,cn=config"
modify complete

2019-11-15T02:43:05Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:43:05Z DEBUG duration: 20 seconds
2019-11-15T02:43:05Z DEBUG [23/44]: configure dirsrv ccache
2019-11-15T02:43:05Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv'
2019-11-15T02:43:05Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2019-11-15T02:43:05Z DEBUG Starting external process
2019-11-15T02:43:05Z DEBUG args=/usr/sbin/selinuxenabled
2019-11-15T02:43:05Z DEBUG Process finished, return code=0
2019-11-15T02:43:05Z DEBUG stdout=
2019-11-15T02:43:05Z DEBUG stderr=
2019-11-15T02:43:05Z DEBUG Starting external process
2019-11-15T02:43:05Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv
2019-11-15T02:43:05Z DEBUG Process finished, return code=0
2019-11-15T02:43:05Z DEBUG stdout=
2019-11-15T02:43:05Z DEBUG stderr=
2019-11-15T02:43:05Z DEBUG duration: 0 seconds
2019-11-15T02:43:05Z DEBUG [24/44]: enabling SASL mapping fallback
2019-11-15T02:43:05Z DEBUG Starting external process
2019-11-15T02:43:05Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpUcZ8oO -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:43:25Z DEBUG Process finished, return code=0
2019-11-15T02:43:25Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback:
on
modifying entry "cn=config"
modify complete

2019-11-15T02:43:25Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:43:25Z DEBUG duration: 20 seconds
2019-11-15T02:43:25Z DEBUG [25/44]: restarting directory server
2019-11-15T02:43:25Z DEBUG Destroyed connection context.ldap2_140092996027088
2019-11-15T02:43:25Z DEBUG Starting external process
2019-11-15T02:43:25Z DEBUG args=/bin/systemctl --system daemon-reload
2019-11-15T02:43:25Z DEBUG Process finished, return code=0
2019-11-15T02:43:25Z DEBUG stdout=
2019-11-15T02:43:25Z DEBUG stderr=
2019-11-15T02:43:25Z DEBUG Starting external process
2019-11-15T02:43:25Z DEBUG args=/bin/systemctl restart dirsrv@TESTIPA-LAN.service
2019-11-15T02:43:31Z DEBUG Process finished, return code=0
2019-11-15T02:43:31Z DEBUG stdout=
2019-11-15T02:43:31Z DEBUG stderr=
2019-11-15T02:43:31Z DEBUG Starting external process
2019-11-15T02:43:31Z DEBUG args=/bin/systemctl is-active dirsrv@TESTIPA-LAN.service
2019-11-15T02:43:31Z DEBUG Process finished, return code=0
2019-11-15T02:43:31Z DEBUG stdout=active

2019-11-15T02:43:31Z DEBUG stderr=
2019-11-15T02:43:31Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2019-11-15T02:43:31Z DEBUG waiting for port: 389
2019-11-15T02:43:31Z DEBUG SUCCESS: port: 389
2019-11-15T02:43:31Z DEBUG Restart of dirsrv@TESTIPA-LAN.service complete
2019-11-15T02:43:31Z DEBUG Starting external process
2019-11-15T02:43:31Z DEBUG args=/bin/systemctl is-active dirsrv@TESTIPA-LAN.service
2019-11-15T02:43:31Z DEBUG Process finished, return code=0
2019-11-15T02:43:31Z DEBUG stdout=active

2019-11-15T02:43:31Z DEBUG stderr=
2019-11-15T02:43:31Z DEBUG Created connection context.ldap2_140092996027088
2019-11-15T02:43:31Z DEBUG duration: 5 seconds
2019-11-15T02:43:31Z DEBUG [26/44]: adding sasl mappings to the directory
2019-11-15T02:43:31Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket from SchemaCache
2019-11-15T02:43:31Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f69f0ab04d0>
2019-11-15T02:43:31Z DEBUG duration: 0 seconds
2019-11-15T02:43:31Z DEBUG [27/44]: adding default layout
2019-11-15T02:43:31Z DEBUG Starting external process
2019-11-15T02:43:31Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpFl0fLy -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:43:51Z DEBUG Process finished, return code=0
2019-11-15T02:43:51Z DEBUG stdout=add objectClass:
top
nsContainer
add cn:
accounts
adding new entry "cn=accounts,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
users
adding new entry "cn=users,cn=accounts,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
groups
adding new entry "cn=groups,cn=accounts,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
services
adding new entry "cn=services,cn=accounts,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
computers
adding new entry "cn=computers,cn=accounts,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
hostgroups
adding new entry "cn=hostgroups,cn=accounts,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
ipservices
adding new entry "cn=ipservices,cn=accounts,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
add cn:
alt
adding new entry "cn=alt,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
add cn:
ng
adding new entry "cn=ng,cn=alt,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
add cn:
automount
adding new entry "cn=automount,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
add cn:
default
adding new entry "cn=default,cn=automount,dc=testipa,dc=lan"
modify complete

add objectClass:
automountMap
add automountMapName:
auto.master
adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=testipa,dc=lan"
modify complete

add objectClass:
automountMap
add automountMapName:
auto.direct
adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=testipa,dc=lan"
modify complete

add objectClass:
automount
add automountKey:
/-
add automountInformation:
auto.direct
add description:
/- auto.direct
adding new entry "description=/- auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
hbac
adding new entry "cn=hbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
hbacservices
adding new entry "cn=hbacservices,cn=hbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
hbacservicegroups
adding new entry "cn=hbacservicegroups,cn=hbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
sudo
adding new entry "cn=sudo,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
sudocmds
adding new entry "cn=sudocmds,cn=sudo,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
sudocmdgroups
adding new entry "cn=sudocmdgroups,cn=sudo,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
sudorules
adding new entry "cn=sudorules,cn=sudo,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
etc
adding new entry "cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
locations
adding new entry "cn=locations,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
sysaccounts
adding new entry "cn=sysaccounts,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
ipa
adding new entry "cn=ipa,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
masters
adding new entry "cn=masters,cn=ipa,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
replicas
adding new entry "cn=replicas,cn=ipa,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
dna
adding new entry "cn=dna,cn=ipa,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
posix-ids
adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
ca_renewal
adding new entry "cn=ca_renewal,cn=ipa,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
certificates
adding new entry "cn=certificates,cn=ipa,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
custodia
adding new entry "cn=custodia,cn=ipa,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
dogtag
adding new entry "cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
s4u2proxy
adding new entry "cn=s4u2proxy,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
ipaKrb5DelegationACL
groupOfPrincipals
top
add cn:
ipa-http-delegation
add memberPrincipal:
HTTP/ipa.testipa.lan@TESTIPA.LAN
add ipaAllowedTarget:
cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=testipa,dc=lan
cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=testipa,dc=lan
adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
groupOfPrincipals
top
add cn:
ipa-ldap-delegation-targets
add memberPrincipal:
ldap/ipa.testipa.lan@TESTIPA.LAN
adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
groupOfPrincipals
top
add cn:
ipa-cifs-delegation-targets
adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
top
person
posixaccount
krbprincipalaux
krbticketpolicyaux
inetuser
ipaobject
ipasshuser
add uid:
admin
add krbPrincipalName:
admin@TESTIPA.LAN
add cn:
Administrator
add sn:
Administrator
add uidNumber:
1745600000
add gidNumber:
1745600000
add homeDirectory:
/home/admin
add loginShell:
/bin/bash
add gecos:
Administrator
add nsAccountLock:
FALSE
add ipaUniqueID:
autogenerate
adding new entry "uid=admin,cn=users,cn=accounts,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
posixgroup
ipausergroup
ipaobject
add cn:
admins
add description:
Account administrators group
add gidNumber:
1745600000
add member:
uid=admin,cn=users,cn=accounts,dc=testipa,dc=lan
add nsAccountLock:
FALSE
add ipaUniqueID:
autogenerate
adding new entry "cn=admins,cn=groups,cn=accounts,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
ipausergroup
ipaobject
add description:
Default group for all users
add cn:
ipausers
add ipaUniqueID:
autogenerate
adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
posixgroup
ipausergroup
ipaobject
add gidNumber:
1745600002
add description:
Limited admins who can edit other users
add cn:
editors
add ipaUniqueID:
autogenerate
adding new entry "cn=editors,cn=groups,cn=accounts,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupOfNames
nestedGroup
ipaobject
ipahostgroup
add description:
IPA server hosts
add cn:
ipaservers
add ipaUniqueID:
autogenerate
adding new entry "cn=ipaservers,cn=hostgroups,cn=accounts,dc=testipa,dc=lan"
modify complete

add objectclass:
ipahbacservice
ipaobject
add cn:
sshd
add description:
sshd
add ipauniqueid:
autogenerate
adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=testipa,dc=lan"
modify complete

add objectclass:
ipahbacservice
ipaobject
add cn:
ftp
add description:
ftp
add ipauniqueid:
autogenerate
adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=testipa,dc=lan"
modify complete

add objectclass:
ipahbacservice
ipaobject
add cn:
su
add description:
su
add ipauniqueid:
autogenerate
adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=testipa,dc=lan"
modify complete

add objectclass:
ipahbacservice
ipaobject
add cn:
login
add description:
login
add ipauniqueid:
autogenerate
adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=testipa,dc=lan"
modify complete

add objectclass:
ipahbacservice
ipaobject
add cn:
su-l
add description:
su with login shell
add ipauniqueid:
autogenerate
adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=testipa,dc=lan"
modify complete

add objectclass:
ipahbacservice
ipaobject
add cn:
sudo
add description:
sudo
add ipauniqueid:
autogenerate
adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=testipa,dc=lan"
modify complete

add objectclass:
ipahbacservice
ipaobject
add cn:
sudo-i
add description:
sudo-i
add ipauniqueid:
autogenerate
adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=testipa,dc=lan"
modify complete

add objectclass:
ipahbacservice
ipaobject
add cn:
systemd-user
add description:
pam_systemd and systemd user@.service
add ipauniqueid:
autogenerate
adding new entry "cn=systemd-user,cn=hbacservices,cn=hbac,dc=testipa,dc=lan"
modify complete

add objectclass:
ipahbacservice
ipaobject
add cn:
gdm
add description:
gdm
add ipauniqueid:
autogenerate
adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=testipa,dc=lan"
modify complete

add objectclass:
ipahbacservice
ipaobject
add cn:
gdm-password
add description:
gdm-password
add ipauniqueid:
autogenerate
adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=testipa,dc=lan"
modify complete

add objectclass:
ipahbacservice
ipaobject
add cn:
kdm
add description:
kdm
add ipauniqueid:
autogenerate
adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=testipa,dc=lan"
modify complete

add objectClass:
ipaobject
ipahbacservicegroup
nestedGroup
groupOfNames
top
add cn:
Sudo
add ipauniqueid:
autogenerate
add description:
Default group of Sudo related services
add member:
cn=sudo,cn=hbacservices,cn=hbac,dc=testipa,dc=lan
cn=sudo-i,cn=hbacservices,cn=hbac,dc=testipa,dc=lan
adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
ipaGuiConfig
ipaConfigObject
add ipaUserSearchFields:
uid,givenname,sn,telephonenumber,ou,title
add ipaGroupSearchFields:
cn,description
add ipaSearchTimeLimit:
2
add ipaSearchRecordsLimit:
100
add ipaHomesRootDir:
/home
add ipaDefaultLoginShell:
/bin/sh
add ipaDefaultPrimaryGroup:
ipausers
add ipaMaxUsernameLength:
32
add ipaPwdExpAdvNotify:
4
add ipaGroupObjectClasses:
top
groupofnames
nestedgroup
ipausergroup
ipaobject
add ipaUserObjectClasses:
top
person
organizationalperson
inetorgperson
inetuser
posixaccount
krbprincipalaux
krbticketpolicyaux
ipaobject
ipasshuser
add ipaDefaultEmailDomain:
testipa.lan
add ipaMigrationEnabled:
FALSE
add ipaConfigString:
AllowNThash
KDC:Disable Last Success
add ipaSELinuxUserMapOrder:
guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
add ipaSELinuxUserMapDefault:
unconfined_u:s0-s0:c0.c1023
adding new entry "cn=ipaConfig,cn=etc,dc=testipa,dc=lan"
modify complete

add objectclass:
top
nsContainer
add cn:
cosTemplates
adding new entry "cn=cosTemplates,cn=accounts,dc=testipa,dc=lan"
modify complete

add description:
Password Policy based on group membership
add objectClass:
top
ldapsubentry
cosSuperDefinition
cosClassicDefinition
add cosTemplateDn:
cn=cosTemplates,cn=accounts,dc=testipa,dc=lan
add cosAttribute:
krbPwdPolicyReference override
add cosSpecifier:
memberOf
adding new entry "cn=Password Policy,cn=accounts,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
selinux
adding new entry "cn=selinux,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
usermap
adding new entry "cn=usermap,cn=selinux,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
ranges
adding new entry "cn=ranges,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
top
ipaIDrange
ipaDomainIDRange
add cn:
TESTIPA.LAN_id_range
add ipaBaseID:
1745600000
add ipaIDRangeSize:
200000
add ipaRangeType:
ipa-local
adding new entry "cn=TESTIPA.LAN_id_range,cn=ranges,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
ca
adding new entry "cn=ca,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
certprofiles
adding new entry "cn=certprofiles,cn=ca,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
caacls
adding new entry "cn=caacls,cn=ca,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
cas
adding new entry "cn=cas,cn=ca,dc=testipa,dc=lan"
modify complete

2019-11-15T02:43:51Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:43:51Z DEBUG duration: 20 seconds
2019-11-15T02:43:51Z DEBUG [28/44]: adding delegation layout
2019-11-15T02:43:51Z DEBUG Starting external process
2019-11-15T02:43:51Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpKdZVKw -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:44:12Z DEBUG Process finished, return code=0
2019-11-15T02:44:12Z DEBUG stdout=add objectClass:
top
nsContainer
add cn:
roles
adding new entry "cn=roles,cn=accounts,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
pbac
adding new entry "cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
privileges
adding new entry "cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
permissions
adding new entry "cn=permissions,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
helpdesk
add description:
Helpdesk
adding new entry "cn=helpdesk,cn=roles,cn=accounts,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
User Administrators
add description:
User Administrators
adding new entry "cn=User Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
Group Administrators
add description:
Group Administrators
adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
Host Administrators
add description:
Host Administrators
adding new entry "cn=Host Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
Host Group Administrators
add description:
Host Group Administrators
adding new entry "cn=Host Group Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
Delegation Administrator
add description:
Role administration
adding new entry "cn=Delegation Administrator,cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
DNS Administrators
add description:
DNS Administrators
adding new entry "cn=DNS Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
DNS Servers
add description:
DNS Servers
adding new entry "cn=DNS Servers,cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
Service Administrators
add description:
Service Administrators
adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
Automount Administrators
add description:
Automount Administrators
adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
Netgroups Administrators
add description:
Netgroups Administrators
adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
Certificate Administrators
add description:
Certificate Administrators
adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
Replication Administrators
add description:
Replication Administrators
add member:
cn=admins,cn=groups,cn=accounts,dc=testipa,dc=lan
adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
Host Enrollment
add description:
Host Enrollment
adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
Stage User Administrators
add description:
Stage User Administrators
adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
nestedgroup
add cn:
Stage User Provisioning
add description:
Stage User Provisioning
adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
ipapermission
add cn:
Add Replication Agreements
add ipapermissiontype:
SYSTEM
add member:
cn=Replication Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan
adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
ipapermission
add cn:
Modify Replication Agreements
add ipapermissiontype:
SYSTEM
add member:
cn=Replication Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan
adding new entry "cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
ipapermission
add cn:
Read Replication Agreements
add ipapermissiontype:
SYSTEM
add member:
cn=Replication Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan
adding new entry "cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
ipapermission
add cn:
Remove Replication Agreements
add ipapermissiontype:
SYSTEM
add member:
cn=Replication Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan
adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
ipapermission
add cn:
Modify DNA Range
add ipapermissiontype:
SYSTEM
add member:
cn=Replication Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan
adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=testipa,dc=lan"
modify complete

add objectClass:
top
nsContainer
add cn:
virtual operations
adding new entry "cn=virtual operations,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
ipapermission
add cn:
Retrieve Certificates from the CA
add member:
cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan
adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=testipa,dc=lan"
modify complete

add aci:
(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=testipa,dc=lan" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=testipa,dc=lan";)
modifying entry "dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
ipapermission
add cn:
Request Certificate
add member:
cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan
adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=testipa,dc=lan"
modify complete

add aci:
(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=testipa,dc=lan" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=testipa,dc=lan";)
modifying entry "dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
ipapermission
add cn:
Request Certificates from a different host
add member:
cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan
adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=testipa,dc=lan"
modify complete

add aci:
(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=testipa,dc=lan" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=testipa,dc=lan";)
modifying entry "dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
ipapermission
add cn:
Get Certificates status from the CA
add member:
cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan
adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=testipa,dc=lan"
modify complete

add aci:
(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=testipa,dc=lan" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=testipa,dc=lan";)
modifying entry "dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
ipapermission
add cn:
Revoke Certificate
add member:
cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan
adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=testipa,dc=lan"
modify complete

add aci:
(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=testipa,dc=lan" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=testipa,dc=lan";)
modifying entry "dc=testipa,dc=lan"
modify complete

add objectClass:
top
groupofnames
ipapermission
add cn:
Certificate Remove Hold
add member:
cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testipa,dc=lan
adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=testipa,dc=lan"
modify complete

add aci:
(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=testipa,dc=lan" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=testipa,dc=lan";)
modifying entry "dc=testipa,dc=lan"
modify complete

2019-11-15T02:44:12Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:44:12Z DEBUG duration: 20 seconds
2019-11-15T02:44:12Z DEBUG [29/44]: creating container for managed entries
2019-11-15T02:44:12Z DEBUG Starting external process
2019-11-15T02:44:12Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpX_7TDG -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:44:32Z DEBUG Process finished, return code=0
2019-11-15T02:44:32Z DEBUG stdout=add objectClass:
nsContainer
top
add cn:
Managed Entries
adding new entry "cn=Managed Entries,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
Templates
adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=testipa,dc=lan"
modify complete

add objectClass:
nsContainer
top
add cn:
Definitions
adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=testipa,dc=lan"
modify complete

2019-11-15T02:44:32Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:44:32Z DEBUG duration: 20 seconds
2019-11-15T02:44:32Z DEBUG [30/44]: configuring user private groups
2019-11-15T02:44:32Z DEBUG Starting external process
2019-11-15T02:44:32Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmprgFNql -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:44:52Z DEBUG Process finished, return code=0
2019-11-15T02:44:52Z DEBUG stdout=add objectclass:
mepTemplateEntry
add cn:
UPG Template
add mepRDNAttr:
cn
add mepStaticAttr:
objectclass: posixgroup
objectclass: ipaobject
ipaUniqueId: autogenerate
add mepMappedAttr:
cn: $uid
gidNumber: $uidNumber
description: User private group for $uid
adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=testipa,dc=lan"
modify complete

add objectclass:
extensibleObject
add cn:
UPG Definition
add originScope:
cn=users,cn=accounts,dc=testipa,dc=lan
add originFilter:
(&(objectclass=posixAccount)(!(description=no_upg)))
add managedBase:
cn=groups,cn=accounts,dc=testipa,dc=lan
add managedTemplate:
cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=testipa,dc=lan
adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=testipa,dc=lan"
modify complete

2019-11-15T02:44:52Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:44:52Z DEBUG duration: 20 seconds
2019-11-15T02:44:52Z DEBUG [31/44]: configuring netgroups from hostgroups
2019-11-15T02:44:52Z DEBUG Starting external process
2019-11-15T02:44:52Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpYCtp0H -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:45:12Z DEBUG Process finished, return code=0
2019-11-15T02:45:12Z DEBUG stdout=add objectclass:
mepTemplateEntry
add cn:
NGP HGP Template
add mepRDNAttr:
cn
add mepStaticAttr:
ipaUniqueId: autogenerate
objectclass: ipanisnetgroup
objectclass: ipaobject
nisDomainName: testipa.lan
add mepMappedAttr:
cn: $cn
memberHost: $dn
description: ipaNetgroup $cn
adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=testipa,dc=lan"
modify complete

add objectclass:
extensibleObject
add cn:
NGP Definition
add originScope:
cn=hostgroups,cn=accounts,dc=testipa,dc=lan
add originFilter:
objectclass=ipahostgroup
add managedBase:
cn=ng,cn=alt,dc=testipa,dc=lan
add managedTemplate:
cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=testipa,dc=lan
adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=testipa,dc=lan"
modify complete

2019-11-15T02:45:12Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:45:12Z DEBUG duration: 20 seconds
2019-11-15T02:45:12Z DEBUG [32/44]: creating default Sudo bind user
2019-11-15T02:45:12Z DEBUG Starting external process
2019-11-15T02:45:12Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpibBmL7 -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:45:32Z DEBUG Process finished, return code=0
2019-11-15T02:45:32Z DEBUG stdout=add objectclass:
account
simplesecurityobject
add uid:
sudo
add userPassword:
XXXXXXXX
add passwordExpirationTime:
20380119031407Z
add nsIdleTimeout:
0
adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=testipa,dc=lan"
modify complete

2019-11-15T02:45:32Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:45:32Z DEBUG duration: 20 seconds
2019-11-15T02:45:32Z DEBUG [33/44]: creating default Auto Member layout
2019-11-15T02:45:32Z DEBUG Starting external process
2019-11-15T02:45:32Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpRYuxf2 -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:45:52Z DEBUG Process finished, return code=0
2019-11-15T02:45:52Z DEBUG stdout=add nsslapd-pluginConfigArea:
cn=automember,cn=etc,dc=testipa,dc=lan
modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsContainer
add cn:
automember
adding new entry "cn=automember,cn=etc,dc=testipa,dc=lan"
modify complete

add objectclass:
autoMemberDefinition
add cn:
Hostgroup
add autoMemberScope:
cn=computers,cn=accounts,dc=testipa,dc=lan
add autoMemberFilter:
objectclass=ipaHost
add autoMemberGroupingAttr:
member:dn
adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=testipa,dc=lan"
modify complete

add objectclass:
autoMemberDefinition
add cn:
Group
add autoMemberScope:
cn=users,cn=accounts,dc=testipa,dc=lan
add autoMemberFilter:
objectclass=posixAccount
add autoMemberGroupingAttr:
member:dn
adding new entry "cn=Group,cn=automember,cn=etc,dc=testipa,dc=lan"
modify complete

2019-11-15T02:45:52Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:45:52Z DEBUG duration: 20 seconds
2019-11-15T02:45:52Z DEBUG [34/44]: adding range check plugin
2019-11-15T02:45:52Z DEBUG Starting external process
2019-11-15T02:45:52Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpws2PCr -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:46:12Z DEBUG Process finished, return code=0
2019-11-15T02:46:12Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA Range-Check
add nsslapd-pluginpath:
libipa_range_check
add nsslapd-plugininitfunc:
ipa_range_check_init
add nsslapd-plugintype:
preoperation
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipa_range_check_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA Range-Check plugin
add nsslapd-plugin-depends-on-type:
database
add nsslapd-basedn:
dc=testipa,dc=lan
adding new entry "cn=IPA Range-Check,cn=plugins,cn=config"
modify complete

2019-11-15T02:46:12Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:46:12Z DEBUG duration: 20 seconds
2019-11-15T02:46:12Z DEBUG [35/44]: creating default HBAC rule allow_all
2019-11-15T02:46:12Z DEBUG Starting external process
2019-11-15T02:46:12Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpkejr9N -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:46:32Z DEBUG Process finished, return code=0
2019-11-15T02:46:32Z DEBUG stdout=add objectclass:
ipaassociation
ipahbacrule
add cn:
allow_all
add accessruletype:
allow
add usercategory:
all
add hostcategory:
all
add servicecategory:
all
add ipaenabledflag:
TRUE
add description:
Allow all users to access any host from any host
add ipauniqueid:
autogenerate
adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=testipa,dc=lan"
modify complete

add objectclass:
ipaassociation
ipahbacrule
add cn:
allow_systemd-user
add accessruletype:
allow
add usercategory:
all
add hostcategory:
all
add memberService:
cn=systemd-user,cn=hbacservices,cn=hbac,dc=testipa,dc=lan
add ipaenabledflag:
TRUE
add description:
Allow pam_systemd to run user@.service to create a system user session
add ipauniqueid:
autogenerate
adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=testipa,dc=lan"
modify complete

2019-11-15T02:46:32Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:46:32Z DEBUG duration: 20 seconds
2019-11-15T02:46:32Z DEBUG [36/44]: adding entries for topology management
2019-11-15T02:46:32Z DEBUG Starting external process
2019-11-15T02:46:32Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpKGovyT -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:46:52Z DEBUG Process finished, return code=0
2019-11-15T02:46:52Z DEBUG stdout=add objectclass:
top
nsContainer
add cn:
topology
adding new entry "cn=topology,cn=ipa,cn=etc,dc=testipa,dc=lan"
modify complete

add objectclass:
top
iparepltopoconf
add ipaReplTopoConfRoot:
dc=testipa,dc=lan
add nsDS5ReplicatedAttributeList:
(objectclass=) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
add nsDS5ReplicatedAttributeListTotal:
(objectclass=) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
add nsds5ReplicaStripAttrs:
modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp
add cn:
domain
adding new entry "cn=domain,cn=topology,cn=ipa,cn=etc,dc=testipa,dc=lan"
modify complete

2019-11-15T02:46:52Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:46:52Z DEBUG duration: 20 seconds
2019-11-15T02:46:52Z DEBUG [37/44]: initializing group membership
2019-11-15T02:46:52Z DEBUG Starting external process
2019-11-15T02:46:52Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpxuIlTs -H ldapi://%2fvar%2frun%2fslapd-TESTIPA-LAN.socket -Y EXTERNAL
2019-11-15T02:47:12Z DEBUG Process finished, return code=0
2019-11-15T02:47:12Z DEBUG stdout=add objectClass:
top
extensibleObject
add cn:
IPA install
add basedn:
dc=testipa,dc=lan
add filter:
(objectclass=*)
add ttl:
10
adding new entry "cn=IPA install 1573785362, cn=memberof task, cn=tasks, cn=config"
modify complete

2019-11-15T02:47:12Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TESTIPA-LAN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-11-15T02:47:12Z DEBUG Waiting for memberof task to complete.
2019-11-15T02:47:33Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 567, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 557, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 712, in init_memberof
replication.wait_for_task(conn, dn)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 171, in wait_for_task
entry = conn.get_entry(dn, attrlist)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1565, in get_entry
size_limit=size_limit, get_effective_rights=get_effective_rights,
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1377, in get_entries
**kwargs)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1515, in find_entries
break
File "/usr/lib64/python2.7/contextlib.py", line 35, in exit
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1026, in error_handler
raise errors.NotFound(reason=arg_desc or 'no such entry')
NotFound: no such entry

2019-11-15T02:47:33Z DEBUG [error] NotFound: no such entry
2019-11-15T02:47:33Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, in run
return cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 360, in run
return self.execute()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 386, in execute
for rval in self._executor():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 655, in _configure
next(executor)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 515, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 65, in _install
for unused in self._installer(self.parent):
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/init.py", line 590, in main
master_install(self)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 250, in decorated
func(installer)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 783, in install
setup_pkinit=not options.no_pkinit)
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 345, in create_instance
self.start_creation(runtime=30)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 567, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 557, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 712, in init_memberof
replication.wait_for_task(conn, dn)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 171, in wait_for_task
entry = conn.get_entry(dn, attrlist)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1565, in get_entry
size_limit=size_limit, get_effective_rights=get_effective_rights,
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1377, in get_entries
*kwargs)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1515, in find_entries
break
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1026, in error_handler
raise errors.NotFound(reason=arg_desc or 'no such entry')

2019-11-15T02:47:33Z DEBUG The ipa-server-install command failed, exception: NotFound: no such entry
2019-11-15T02:47:33Z ERROR no such entry
2019-11-15T02:47:33Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

The installation fails in step initializing group membership because the task entry is already garbage collected before the installer is able to retrieve the entry:

2019-11-15T02:47:12Z DEBUG ... adding new entry "cn=IPA install 1573785362, cn=memberof task, cn=tasks, cn=config"
2019-11-15T02:47:12Z DEBUG Waiting for memberof task to complete.
2019-11-15T02:47:33Z DEBUG Traceback (most recent call last):
...
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 171, in wait_for_task
...
NotFound: no such entry

What kind of hardware are you using? The installation started at 02:30:40Z and fails at 02:47:33Z during DS installation. That's way over 15 minutes. On a typical server machine the step is reached after 40-50 seconds.

I'm closing the issue because we haven't got a reply in three weeks. The issue is likely caused by too slow hardware.

Metadata Update from @cheimes:
- Issue close_status updated to: insufficientinfo
- Issue status updated to: Closed (was: Open)
4 years ago

Hello Christian

I'm sorry I didn't have time to respond. Thank you for the help. We've
decided to simply deploy with integrated DNS. Had no issues as a
result.

On Tue, Dec 10, 2019 at 12:39 AM Christian Heimes pagure@pagure.io wrote:

cheimes added a new comment to an issue you are following:
I'm closing the issue because we haven't got a reply in three weeks. The issue is likely caused by too slow hardware.

To reply, visit the link below or just reply to this email
https://pagure.io/freeipa/issue/8119

Login to comment on this ticket.

Metadata
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.