#8137 reinstall failed in adding delegation layout
Closed: fixed 2 years ago by cheimes. Opened 2 years ago by diadormu.

I installed freeipa successfully before, and uninstalled it now to install with setup dns.

But it failed in "adding delegation layout":

  [28/44]: adding delegation layout
ipaserver.install.service: CRITICAL Failed to load delegation.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmp5al6DX -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL' returned non-zero exit status 50
  [error] CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmp5al6DX -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL' returned non-zero exit status 50
ipapython.admintool: ERROR    Command '/usr/bin/ldapmodify -v -f /tmp/tmp5al6DX -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL' returned non-zero exit status 50

My freeipa server version is 4.6.5-11, system is CentOS Linux release 7.7.1908.

My install command:

sudo ipa-server-install --idstart 00000000 --idmax 99999999 --hostname=freeipa.rnd.test.net -a ipa123456 -p ipa123456 --domain=rnd.test.net --realm=RND.TEST.NET --setup-dns --no-forwarders -U

ipaserver-install.log:

2019-12-06T08:42:24Z DEBUG Logging to /var/log/ipaserver-install.log
2019-12-06T08:42:24Z INFO Checking DNS domain rnd.test.net, please wait ...
2019-12-06T08:42:24Z DEBUG ipa-server-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'ignore_topology_disconnect': False, 'verbose': False, 'domain_level': None, 'ip_addresses': None, 'secondary_rid_base': None, 'netbios_name': None, 'mkhomedir': False, 'http_cert_files': None, 'zonemgr': None, 'no_pkinit': False, 'reverse_zones': None, 'no_forwarders': True, 'external_ca_profile': None, 'external_ca_type': None, 'no_ntp': False, 'no_msdcs': False, 'setup_kra': False, 'domain_name': 'rnd.test.net', 'idmax': 99999999, 'setup_adtrust': False, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': False, 'ca_signing_algorithm': None, 'no_reverse': False, 'ssh_trust_dns': False, 'pkinit_cert_files': None, 'ca_cert_files': None, 'subject_base': None, 'auto_reverse': False, 'auto_forwarders': False, 'no_host_dns': False, 'no_sshd': False, 'no_ui_redirect': False, 'ignore_last_of_role': False, 'realm_name': 'RND.TEST.NET', 'forwarders': None, 'idstart': 0, 'external_ca': False, 'pkinit_cert_name': None, 'no_ssh': False, 'external_cert_files': None, 'enable_compat': False, 'no_hbac_allow': False, 'forward_policy': None, 'dirsrv_cert_name': None, 'unattended': True, 'rid_base': None, 'quiet': False, 'setup_dns': True, 'ca_subject': None, 'host_name': 'freeipa.rnd.test.net', 'dirsrv_config_file': None, 'log_file': None, 'allow_zone_overlap': False, 'uninstall': False}
2019-12-06T08:42:24Z DEBUG IPA version 4.6.5-11.el7.centos.3
2019-12-06T08:42:24Z DEBUG Searching for an interface of IP address: ::1
2019-12-06T08:42:24Z DEBUG Testing local IP address: ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff (interface: lo)
2019-12-06T08:42:24Z DEBUG Starting external process
2019-12-06T08:42:24Z DEBUG args=/usr/sbin/selinuxenabled
2019-12-06T08:42:24Z DEBUG Process finished, return code=0
2019-12-06T08:42:24Z DEBUG stdout=
2019-12-06T08:42:24Z DEBUG stderr=
2019-12-06T08:42:24Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-12-06T08:42:24Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2019-12-06T08:42:24Z DEBUG httpd is not configured
2019-12-06T08:42:24Z DEBUG kadmin is not configured
2019-12-06T08:42:24Z DEBUG dirsrv is not configured
2019-12-06T08:42:24Z DEBUG pki-tomcatd is not configured
2019-12-06T08:42:24Z DEBUG install is not configured
2019-12-06T08:42:24Z DEBUG krb5kdc is not configured
2019-12-06T08:42:24Z DEBUG ntpd is not configured
2019-12-06T08:42:24Z DEBUG named is not configured
2019-12-06T08:42:24Z DEBUG filestore is tracking no files
2019-12-06T08:42:24Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2019-12-06T08:42:24Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2019-12-06T08:42:24Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-12-06T08:42:24Z DEBUG Starting external process
2019-12-06T08:42:24Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2019-12-06T08:42:24Z DEBUG Process finished, return code=1
2019-12-06T08:42:24Z DEBUG stdout=disabled

2019-12-06T08:42:24Z DEBUG stderr=
2019-12-06T08:42:24Z DEBUG Starting external process
2019-12-06T08:42:24Z DEBUG args=/bin/systemctl is-active chronyd.service
2019-12-06T08:42:24Z DEBUG Process finished, return code=3
2019-12-06T08:42:24Z DEBUG stdout=inactive

2019-12-06T08:42:24Z DEBUG stderr=
2019-12-06T08:42:24Z DEBUG Starting external process
2019-12-06T08:42:24Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
2019-12-06T08:42:24Z DEBUG Process finished, return code=0
2019-12-06T08:42:24Z DEBUG stdout=VirtualHost configuration:
*:8443                 freeipa.rnd.test.net (/etc/httpd/conf.d/nss.conf:81)

2019-12-06T08:42:24Z DEBUG stderr=
2019-12-06T08:42:24Z DEBUG Check if freeipa.rnd.test.net is a primary hostname for localhost
2019-12-06T08:42:24Z DEBUG Primary hostname for localhost: freeipa.rnd.test.net
2019-12-06T08:42:24Z DEBUG will use host_name: freeipa.rnd.test.net

2019-12-06T08:42:24Z DEBUG importing all plugin modules in ipaserver.plugins...
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.aci
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.automember
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.automount
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.baseldap
2019-12-06T08:42:24Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.baseuser
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.batch
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.ca
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.caacl
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.cert
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.certmap
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.certprofile
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.config
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.delegation
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.dns
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.dnsserver
2019-12-06T08:42:24Z DEBUG importing plugin module ipaserver.plugins.dogtag
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.domainlevel
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.group
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.hbac
2019-12-06T08:42:25Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.hbacrule
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.hbactest
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.host
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.hostgroup
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.idrange
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.idviews
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.internal
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.join
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.ldap2
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.location
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.migration
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.misc
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.netgroup
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.otp
2019-12-06T08:42:25Z DEBUG ipaserver.plugins.otp is not a valid plugin module
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.otpconfig
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.otptoken
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.passwd
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.permission
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.ping
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.pkinit
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.privilege
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.rabase
2019-12-06T08:42:25Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.realmdomains
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.role
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.schema
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.selfservice
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.server
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.serverrole
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.serverroles
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.service
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.session
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.stageuser
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.sudo
2019-12-06T08:42:25Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.sudocmd
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.sudorule
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.topology
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.trust
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.user
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.vault
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.virtual
2019-12-06T08:42:25Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.whoami
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.plugins.xmlserver
2019-12-06T08:42:25Z DEBUG importing all plugin modules in ipaserver.install.plugins...
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.dns
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.update_services
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
2019-12-06T08:42:25Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
2019-12-06T08:42:27Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2019-12-06T08:42:27Z INFO Checking DNS domain rnd.test.net., please wait ...
2019-12-06T08:42:27Z DEBUG Name freeipa.rnd.test.net resolved to set([UnsafeIPAddress('172.16.17.134')])
2019-12-06T08:42:27Z DEBUG Searching for an interface of IP address: 172.16.17.134
2019-12-06T08:42:27Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo)
2019-12-06T08:42:27Z DEBUG Testing local IP address: 172.16.17.134/255.255.255.0 (interface: em1)
2019-12-06T08:42:27Z DEBUG IP address 172.16.17.134 belongs to a private range, using forward policy only
2019-12-06T08:42:27Z DEBUG will use DNS forwarders: []

2019-12-06T08:42:27Z DEBUG Backing up system configuration file '/etc/hostname'
2019-12-06T08:42:27Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2019-12-06T08:42:27Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-12-06T08:42:27Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2019-12-06T08:42:27Z DEBUG Starting external process
2019-12-06T08:42:27Z DEBUG args=/bin/hostnamectl set-hostname freeipa.rnd.test.net
2019-12-06T08:42:27Z DEBUG Process finished, return code=0
2019-12-06T08:42:27Z DEBUG stdout=
2019-12-06T08:42:27Z DEBUG stderr=
2019-12-06T08:42:27Z DEBUG Backing up system configuration file '/etc/hosts'
2019-12-06T08:42:27Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2019-12-06T08:42:27Z DEBUG Starting external process
2019-12-06T08:42:27Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2019-12-06T08:42:27Z DEBUG Process finished, return code=1
2019-12-06T08:42:27Z DEBUG stdout=disabled

2019-12-06T08:42:27Z DEBUG stderr=
2019-12-06T08:42:27Z DEBUG Starting external process
2019-12-06T08:42:27Z DEBUG args=/bin/systemctl is-active chronyd.service
2019-12-06T08:42:27Z DEBUG Process finished, return code=3
2019-12-06T08:42:27Z DEBUG stdout=inactive

2019-12-06T08:42:27Z DEBUG stderr=
2019-12-06T08:42:27Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-12-06T08:42:27Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2019-12-06T08:42:27Z DEBUG Configuring NTP daemon (ntpd)
2019-12-06T08:42:27Z DEBUG   [1/4]: stopping ntpd
2019-12-06T08:42:27Z DEBUG Starting external process
2019-12-06T08:42:27Z DEBUG args=/bin/systemctl is-active ntpd.service
2019-12-06T08:42:27Z DEBUG Process finished, return code=3
2019-12-06T08:42:27Z DEBUG stdout=inactive

2019-12-06T08:42:27Z DEBUG stderr=
2019-12-06T08:42:27Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-12-06T08:42:27Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2019-12-06T08:42:27Z DEBUG Starting external process
2019-12-06T08:42:27Z DEBUG args=/bin/systemctl stop ntpd.service
2019-12-06T08:42:27Z DEBUG Process finished, return code=0
2019-12-06T08:42:27Z DEBUG stdout=
2019-12-06T08:42:27Z DEBUG stderr=
2019-12-06T08:42:27Z DEBUG Stop of ntpd.service complete
2019-12-06T08:42:27Z DEBUG   duration: 0 seconds
2019-12-06T08:42:27Z DEBUG   [2/4]: writing configuration
2019-12-06T08:42:27Z DEBUG Backing up system configuration file '/etc/ntp.conf'
2019-12-06T08:42:27Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2019-12-06T08:42:27Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd'
2019-12-06T08:42:27Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2019-12-06T08:42:27Z DEBUG   duration: 0 seconds
2019-12-06T08:42:27Z DEBUG   [3/4]: configuring ntpd to start on boot
2019-12-06T08:42:27Z DEBUG Starting external process
2019-12-06T08:42:27Z DEBUG args=/bin/systemctl is-enabled ntpd.service
2019-12-06T08:42:27Z DEBUG Process finished, return code=1
2019-12-06T08:42:27Z DEBUG stdout=disabled

2019-12-06T08:42:27Z DEBUG stderr=
2019-12-06T08:42:27Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-12-06T08:42:27Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2019-12-06T08:42:27Z DEBUG Starting external process
2019-12-06T08:42:27Z DEBUG args=/bin/systemctl enable ntpd.service
2019-12-06T08:42:27Z DEBUG Process finished, return code=0
2019-12-06T08:42:27Z DEBUG stdout=
2019-12-06T08:42:27Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

2019-12-06T08:42:27Z DEBUG   duration: 0 seconds
2019-12-06T08:42:27Z DEBUG   [4/4]: starting ntpd
2019-12-06T08:42:27Z DEBUG Starting external process
2019-12-06T08:42:27Z DEBUG args=/bin/systemctl start ntpd.service
2019-12-06T08:42:27Z DEBUG Process finished, return code=0
2019-12-06T08:42:27Z DEBUG stdout=
2019-12-06T08:42:27Z DEBUG stderr=
2019-12-06T08:42:27Z DEBUG Starting external process
2019-12-06T08:42:27Z DEBUG args=/bin/systemctl is-active ntpd.service
2019-12-06T08:42:27Z DEBUG Process finished, return code=0
2019-12-06T08:42:27Z DEBUG stdout=active

2019-12-06T08:42:27Z DEBUG stderr=
2019-12-06T08:42:27Z DEBUG Start of ntpd.service complete
2019-12-06T08:42:27Z DEBUG   duration: 0 seconds
2019-12-06T08:42:27Z DEBUG Done configuring NTP daemon (ntpd).
2019-12-06T08:42:27Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-12-06T08:42:27Z DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds
2019-12-06T08:42:27Z DEBUG   [1/44]: creating directory server instance
2019-12-06T08:42:27Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-12-06T08:42:27Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2019-12-06T08:42:27Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv'
2019-12-06T08:42:27Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2019-12-06T08:42:27Z DEBUG 
dn: dc=rnd,dc=test,dc=net
objectClass: top
objectClass: domain
objectClass: pilotObject
dc: rnd
info: IPA V2.0

2019-12-06T08:42:27Z DEBUG writing inf template
2019-12-06T08:42:27Z DEBUG 
[General]
FullMachineName=   freeipa.rnd.test.net
SuiteSpotUserID=   dirsrv
SuiteSpotGroup=    dirsrv
ServerRoot=    /usr/lib64/dirsrv
[slapd]
ServerPort=   389
ServerIdentifier=   RND-TEST-NET
Suffix=   dc=rnd,dc=test,dc=net
RootDN=   cn=Directory Manager
InstallLdifFile= /var/lib/dirsrv/boot.ldif
inst_dir=   /var/lib/dirsrv/scripts-RND-TEST-NET

2019-12-06T08:42:27Z DEBUG calling setup-ds.pl
2019-12-06T08:42:27Z DEBUG Starting external process
2019-12-06T08:42:27Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpYQY8ve
2019-12-06T08:42:36Z DEBUG Process finished, return code=0
2019-12-06T08:42:36Z DEBUG stdout=[19/12/06:16:42:36] - [Setup] Info Your new DS instance 'RND-TEST-NET' was successfully created.
Your new DS instance 'RND-TEST-NET' was successfully created.
[19/12/06:16:42:36] - [Setup] Success Exiting . . .
Log file is '-'

Exiting . . .
Log file is '-'


2019-12-06T08:42:36Z DEBUG stderr=
2019-12-06T08:42:36Z DEBUG completed creating DS instance
2019-12-06T08:42:36Z DEBUG   duration: 9 seconds
2019-12-06T08:42:36Z DEBUG   [2/44]: enabling ldapi
2019-12-06T08:42:36Z DEBUG Starting external process
2019-12-06T08:42:36Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp1u583t -H ldap://localhost -x -D cn=Directory Manager -y /tmp/tmpUyG3V8
2019-12-06T08:42:36Z DEBUG Process finished, return code=0
2019-12-06T08:42:36Z DEBUG stdout=replace nsslapd-ldapilisten:
    on
modifying entry "cn=config"
modify complete


2019-12-06T08:42:36Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base )

2019-12-06T08:42:36Z DEBUG   duration: 0 seconds
2019-12-06T08:42:36Z DEBUG   [3/44]: configure autobind for root
2019-12-06T08:42:36Z DEBUG Starting external process
2019-12-06T08:42:36Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/root-autobind.ldif -H ldap://localhost -x -D cn=Directory Manager -y /tmp/tmpaPBsIX
2019-12-06T08:42:37Z DEBUG Process finished, return code=0
2019-12-06T08:42:37Z DEBUG stdout=add objectClass:
    extensibleObject
    top
add cn:
    root-autobind
add uidNumber:
    0
add gidNumber:
    0
adding new entry "cn=root-autobind,cn=config"
modify complete

replace nsslapd-ldapiautobind:
    on
modifying entry "cn=config"
modify complete

replace nsslapd-ldapimaptoentries:
    on
modifying entry "cn=config"
modify complete


2019-12-06T08:42:37Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base )

2019-12-06T08:42:37Z DEBUG   duration: 0 seconds
2019-12-06T08:42:37Z DEBUG   [4/44]: stopping directory server
2019-12-06T08:42:37Z DEBUG Starting external process
2019-12-06T08:42:37Z DEBUG args=/bin/systemctl stop dirsrv@RND-TEST-NET.service
2019-12-06T08:42:39Z DEBUG Process finished, return code=0
2019-12-06T08:42:39Z DEBUG stdout=
2019-12-06T08:42:39Z DEBUG stderr=
2019-12-06T08:42:39Z DEBUG Stop of dirsrv@RND-TEST-NET.service complete
2019-12-06T08:42:39Z DEBUG   duration: 2 seconds
2019-12-06T08:42:39Z DEBUG   [5/44]: updating configuration in dse.ldif
2019-12-06T08:42:39Z DEBUG Starting external process
2019-12-06T08:42:39Z DEBUG args=/usr/sbin/selinuxenabled
2019-12-06T08:42:39Z DEBUG Process finished, return code=0
2019-12-06T08:42:39Z DEBUG stdout=
2019-12-06T08:42:39Z DEBUG stderr=
2019-12-06T08:42:39Z DEBUG Starting external process
2019-12-06T08:42:39Z DEBUG args=/sbin/restorecon /etc/dirsrv/slapd-RND-TEST-NET/dse.ldif
2019-12-06T08:42:39Z DEBUG Process finished, return code=0
2019-12-06T08:42:39Z DEBUG stdout=
2019-12-06T08:42:39Z DEBUG stderr=
2019-12-06T08:42:39Z DEBUG   duration: 0 seconds
2019-12-06T08:42:39Z DEBUG   [6/44]: starting directory server
2019-12-06T08:42:39Z DEBUG Starting external process
2019-12-06T08:42:39Z DEBUG args=/bin/systemctl start dirsrv@RND-TEST-NET.service
2019-12-06T08:42:45Z DEBUG Process finished, return code=0
2019-12-06T08:42:45Z DEBUG stdout=
2019-12-06T08:42:45Z DEBUG stderr=
2019-12-06T08:42:45Z DEBUG Starting external process
2019-12-06T08:42:45Z DEBUG args=/bin/systemctl is-active dirsrv@RND-TEST-NET.service
2019-12-06T08:42:45Z DEBUG Process finished, return code=0
2019-12-06T08:42:45Z DEBUG stdout=active

2019-12-06T08:42:45Z DEBUG stderr=
2019-12-06T08:42:45Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2019-12-06T08:42:45Z DEBUG waiting for port: 389
2019-12-06T08:42:45Z DEBUG SUCCESS: port: 389
2019-12-06T08:42:45Z DEBUG Start of dirsrv@RND-TEST-NET.service complete
2019-12-06T08:42:45Z DEBUG Created connection context.ldap2_140408339029712
2019-12-06T08:42:45Z DEBUG   duration: 6 seconds
2019-12-06T08:42:45Z DEBUG   [7/44]: adding default schema
2019-12-06T08:42:45Z DEBUG   duration: 0 seconds
2019-12-06T08:42:45Z DEBUG   [8/44]: enabling memberof plugin
2019-12-06T08:42:45Z DEBUG Starting external process
2019-12-06T08:42:45Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/memberof-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:45Z DEBUG Process finished, return code=0
2019-12-06T08:42:45Z DEBUG stdout=replace nsslapd-pluginenabled:
    on
add memberofgroupattr:
    memberUser
add memberofgroupattr:
    memberHost
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:45Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:45Z DEBUG   duration: 0 seconds
2019-12-06T08:42:45Z DEBUG   [9/44]: enabling winsync plugin
2019-12-06T08:42:45Z DEBUG Starting external process
2019-12-06T08:42:45Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-winsync-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:45Z DEBUG Process finished, return code=0
2019-12-06T08:42:45Z DEBUG stdout=add objectclass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    ipa-winsync
add nsslapd-pluginpath:
    libipa_winsync
add nsslapd-plugininitfunc:
    ipa_winsync_plugin_init
add nsslapd-pluginDescription:
    Allows IPA to work with the DS windows sync feature
add nsslapd-pluginid:
    ipa-winsync
add nsslapd-pluginversion:
    1.0
add nsslapd-pluginvendor:
    Red Hat
add nsslapd-plugintype:
    preoperation
add nsslapd-pluginenabled:
    on
add nsslapd-plugin-depends-on-type:
    database
add ipaWinSyncRealmFilter:
    (objectclass=krbRealmContainer)
add ipaWinSyncRealmAttr:
    cn
add ipaWinSyncNewEntryFilter:
    (cn=ipaConfig)
add ipaWinSyncNewUserOCAttr:
    ipauserobjectclasses
add ipaWinSyncUserFlatten:
    true
add ipaWinsyncHomeDirAttr:
    ipaHomesRootDir
add ipaWinsyncLoginShellAttr:
    ipaDefaultLoginShell
add ipaWinSyncDefaultGroupAttr:
    ipaDefaultPrimaryGroup
add ipaWinSyncDefaultGroupFilter:
    (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
add ipaWinSyncAcctDisable:
    both
add ipaWinSyncForceSync:
    true
add ipaWinSyncUserAttr:
    uidNumber -1
    gidNumber -1
adding new entry "cn=ipa-winsync,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:45Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:45Z DEBUG   duration: 0 seconds
2019-12-06T08:42:45Z DEBUG   [10/44]: configuring replication version plugin
2019-12-06T08:42:45Z DEBUG Starting external process
2019-12-06T08:42:45Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/version-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:45Z DEBUG Process finished, return code=0
2019-12-06T08:42:45Z DEBUG stdout=add objectclass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    IPA Version Replication
add nsslapd-pluginpath:
    libipa_repl_version
add nsslapd-plugininitfunc:
    repl_version_plugin_init
add nsslapd-plugintype:
    preoperation
add nsslapd-pluginenabled:
    off
add nsslapd-pluginid:
    ipa_repl_version
add nsslapd-pluginversion:
    1.0
add nsslapd-pluginvendor:
    Red Hat, Inc.
add nsslapd-plugindescription:
    IPA Replication version plugin
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-plugin-depends-on-named:
    Multimaster Replication Plugin
adding new entry "cn=IPA Version Replication,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:45Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:45Z DEBUG   duration: 0 seconds
2019-12-06T08:42:45Z DEBUG   [11/44]: enabling IPA enrollment plugin
2019-12-06T08:42:45Z DEBUG Starting external process
2019-12-06T08:42:45Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpKYNCPA -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:45Z DEBUG Process finished, return code=0
2019-12-06T08:42:45Z DEBUG stdout=add objectclass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    ipa_enrollment_extop
add nsslapd-pluginpath:
    libipa_enrollment_extop
add nsslapd-plugininitfunc:
    ipaenrollment_init
add nsslapd-plugintype:
    extendedop
add nsslapd-pluginenabled:
    on
add nsslapd-pluginid:
    ipa_enrollment_extop
add nsslapd-pluginversion:
    1.0
add nsslapd-pluginvendor:
    RedHat
add nsslapd-plugindescription:
    Enroll hosts into the IPA domain
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-realmTree:
    dc=rnd,dc=test,dc=net
adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:45Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:45Z DEBUG   duration: 0 seconds
2019-12-06T08:42:45Z DEBUG   [12/44]: configuring uniqueness plugin
2019-12-06T08:42:45Z DEBUG Starting external process
2019-12-06T08:42:45Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpIEqbof -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:45Z DEBUG Process finished, return code=0
2019-12-06T08:42:45Z DEBUG stdout=add objectClass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    krbPrincipalName uniqueness
add nsslapd-pluginPath:
    libattr-unique-plugin
add nsslapd-pluginInitfunc:
    NSUniqueAttr_Init
add nsslapd-pluginType:
    preoperation
add nsslapd-pluginEnabled:
    on
add uniqueness-attribute-name:
    krbPrincipalName
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-pluginId:
    NSUniqueAttr
add nsslapd-pluginVersion:
    1.1.0
add nsslapd-pluginVendor:
    Fedora Project
add nsslapd-pluginDescription:
    Enforce unique attribute values
add uniqueness-subtrees:
    dc=rnd,dc=test,dc=net
add uniqueness-exclude-subtrees:
    cn=staged users,cn=accounts,cn=provisioning,dc=rnd,dc=test,dc=net
add uniqueness-across-all-subtrees:
    on
adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    krbCanonicalName uniqueness
add nsslapd-pluginPath:
    libattr-unique-plugin
add nsslapd-pluginInitfunc:
    NSUniqueAttr_Init
add nsslapd-pluginType:
    preoperation
add nsslapd-pluginEnabled:
    on
add uniqueness-attribute-name:
    krbCanonicalName
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-pluginId:
    NSUniqueAttr
add nsslapd-pluginVersion:
    1.1.0
add nsslapd-pluginVendor:
    Fedora Project
add nsslapd-pluginDescription:
    Enforce unique attribute values
add uniqueness-subtrees:
    dc=rnd,dc=test,dc=net
add uniqueness-exclude-subtrees:
    cn=staged users,cn=accounts,cn=provisioning,dc=rnd,dc=test,dc=net
add uniqueness-across-all-subtrees:
    on
adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    netgroup uniqueness
add nsslapd-pluginPath:
    libattr-unique-plugin
add nsslapd-pluginInitfunc:
    NSUniqueAttr_Init
add nsslapd-pluginType:
    preoperation
add nsslapd-pluginEnabled:
    on
add uniqueness-attribute-name:
    cn
add uniqueness-subtrees:
    cn=ng,cn=alt,dc=rnd,dc=test,dc=net
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-pluginId:
    NSUniqueAttr
add nsslapd-pluginVersion:
    1.1.0
add nsslapd-pluginVendor:
    Fedora Project
add nsslapd-pluginDescription:
    Enforce unique attribute values
adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    ipaUniqueID uniqueness
add nsslapd-pluginPath:
    libattr-unique-plugin
add nsslapd-pluginInitfunc:
    NSUniqueAttr_Init
add nsslapd-pluginType:
    preoperation
add nsslapd-pluginEnabled:
    on
add uniqueness-attribute-name:
    ipaUniqueID
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-pluginId:
    NSUniqueAttr
add nsslapd-pluginVersion:
    1.1.0
add nsslapd-pluginVendor:
    Fedora Project
add nsslapd-pluginDescription:
    Enforce unique attribute values
add uniqueness-subtrees:
    dc=rnd,dc=test,dc=net
add uniqueness-exclude-subtrees:
    cn=staged users,cn=accounts,cn=provisioning,dc=rnd,dc=test,dc=net
add uniqueness-across-all-subtrees:
    on
adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    sudorule name uniqueness
add nsslapd-pluginDescription:
    Enforce unique attribute values
add nsslapd-pluginPath:
    libattr-unique-plugin
add nsslapd-pluginInitfunc:
    NSUniqueAttr_Init
add nsslapd-pluginType:
    preoperation
add nsslapd-pluginEnabled:
    on
add uniqueness-attribute-name:
    cn
add uniqueness-subtrees:
    cn=sudorules,cn=sudo,dc=rnd,dc=test,dc=net
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-pluginId:
    NSUniqueAttr
add nsslapd-pluginVersion:
    1.1.0
add nsslapd-pluginVendor:
    Fedora Project
adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:45Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:45Z DEBUG   duration: 0 seconds
2019-12-06T08:42:45Z DEBUG   [13/44]: configuring uuid plugin
2019-12-06T08:42:45Z DEBUG Starting external process
2019-12-06T08:42:45Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/uuid-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:45Z DEBUG Process finished, return code=0
2019-12-06T08:42:45Z DEBUG stdout=add objectclass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    IPA UUID
add nsslapd-pluginpath:
    libipa_uuid
add nsslapd-plugininitfunc:
    ipauuid_init
add nsslapd-plugintype:
    preoperation
add nsslapd-pluginenabled:
    on
add nsslapd-pluginid:
    ipauuid_version
add nsslapd-pluginversion:
    1.0
add nsslapd-pluginvendor:
    Red Hat, Inc.
add nsslapd-plugindescription:
    IPA UUID plugin
add nsslapd-plugin-depends-on-type:
    database
adding new entry "cn=IPA UUID,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:45Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:45Z DEBUG Starting external process
2019-12-06T08:42:45Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpyrsjzO -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:45Z DEBUG Process finished, return code=0
2019-12-06T08:42:45Z DEBUG stdout=add objectclass:
    top
    extensibleObject
add cn:
    IPA Unique IDs
add ipaUuidAttr:
    ipaUniqueID
add ipaUuidMagicRegen:
    autogenerate
add ipaUuidFilter:
    (|(objectclass=ipaObject)(objectclass=ipaAssociation))
add ipaUuidScope:
    dc=rnd,dc=test,dc=net
add ipaUuidEnforce:
    TRUE
adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete

add objectclass:
    top
    extensibleObject
add cn:
    IPK11 Unique IDs
add ipaUuidAttr:
    ipk11UniqueID
add ipaUuidMagicRegen:
    autogenerate
add ipaUuidFilter:
    (objectclass=ipk11Object)
add ipaUuidScope:
    dc=rnd,dc=test,dc=net
add ipaUuidEnforce:
    FALSE
adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:45Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:45Z DEBUG   duration: 0 seconds
2019-12-06T08:42:45Z DEBUG   [14/44]: configuring modrdn plugin
2019-12-06T08:42:45Z DEBUG Starting external process
2019-12-06T08:42:45Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/modrdn-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:45Z DEBUG Process finished, return code=0
2019-12-06T08:42:45Z DEBUG stdout=add objectclass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    IPA MODRDN
add nsslapd-pluginpath:
    libipa_modrdn
add nsslapd-plugininitfunc:
    ipamodrdn_init
add nsslapd-plugintype:
    betxnpostoperation
add nsslapd-pluginenabled:
    on
add nsslapd-pluginid:
    ipamodrdn_version
add nsslapd-pluginversion:
    1.0
add nsslapd-pluginvendor:
    Red Hat, Inc.
add nsslapd-plugindescription:
    IPA MODRDN plugin
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-pluginPrecedence:
    60
adding new entry "cn=IPA MODRDN,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:45Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:45Z DEBUG Starting external process
2019-12-06T08:42:45Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpgczr8G -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:45Z DEBUG Process finished, return code=0
2019-12-06T08:42:45Z DEBUG stdout=add objectclass:
    top
    extensibleObject
add cn:
    Kerberos Principal Name
add ipaModRDNsourceAttr:
    uid
add ipaModRDNtargetAttr:
    krbPrincipalName
add ipaModRDNsuffix:
    @RND.TEST.NET
add ipaModRDNfilter:
    (&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
add ipaModRDNscope:
    dc=rnd,dc=test,dc=net
adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config"
modify complete

add objectclass:
    top
    extensibleObject
add cn:
    Kerberos Canonical Name
add ipaModRDNsourceAttr:
    uid
add ipaModRDNtargetAttr:
    krbCanonicalName
add ipaModRDNsuffix:
    @RND.TEST.NET
add ipaModRDNfilter:
    (&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
add ipaModRDNscope:
    dc=rnd,dc=test,dc=net
adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:45Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:45Z DEBUG   duration: 0 seconds
2019-12-06T08:42:45Z DEBUG   [15/44]: configuring DNS plugin
2019-12-06T08:42:45Z DEBUG Starting external process
2019-12-06T08:42:45Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-dns-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:45Z DEBUG Process finished, return code=0
2019-12-06T08:42:45Z DEBUG stdout=add objectclass:
    top
    nsslapdPlugin
    extensibleObject
add cn:
    IPA DNS
add nsslapd-plugindescription:
    IPA DNS support plugin
add nsslapd-pluginenabled:
    on
add nsslapd-pluginid:
    ipa_dns
add nsslapd-plugininitfunc:
    ipadns_init
add nsslapd-pluginpath:
    libipa_dns.so
add nsslapd-plugintype:
    preoperation
add nsslapd-pluginvendor:
    Red Hat, Inc.
add nsslapd-pluginversion:
    1.0
add nsslapd-plugin-depends-on-type:
    database
adding new entry "cn=IPA DNS,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:45Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:45Z DEBUG   duration: 0 seconds
2019-12-06T08:42:45Z DEBUG   [16/44]: enabling entryUSN plugin
2019-12-06T08:42:45Z DEBUG Starting external process
2019-12-06T08:42:45Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/entryusn.ldif -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:46Z DEBUG Process finished, return code=0
2019-12-06T08:42:46Z DEBUG stdout=replace nsslapd-entryusn-global:
    on
modifying entry "cn=config"
modify complete

replace nsslapd-entryusn-import-initval:
    next
modifying entry "cn=config"
modify complete

replace nsslapd-pluginenabled:
    on
modifying entry "cn=USN,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:46Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:46Z DEBUG   duration: 0 seconds
2019-12-06T08:42:46Z DEBUG   [17/44]: configuring lockout plugin
2019-12-06T08:42:46Z DEBUG Starting external process
2019-12-06T08:42:46Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/lockout-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:46Z DEBUG Process finished, return code=0
2019-12-06T08:42:46Z DEBUG stdout=add objectclass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    IPA Lockout
add nsslapd-pluginpath:
    libipa_lockout
add nsslapd-plugininitfunc:
    ipalockout_init
add nsslapd-plugintype:
    object
add nsslapd-pluginenabled:
    on
add nsslapd-pluginid:
    ipalockout_version
add nsslapd-pluginversion:
    1.0
add nsslapd-pluginvendor:
    Red Hat, Inc.
add nsslapd-plugindescription:
    IPA Lockout plugin
add nsslapd-plugin-depends-on-type:
    database
adding new entry "cn=IPA Lockout,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:46Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:46Z DEBUG   duration: 0 seconds
2019-12-06T08:42:46Z DEBUG   [18/44]: configuring topology plugin
2019-12-06T08:42:46Z DEBUG Starting external process
2019-12-06T08:42:46Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpcx_uXs -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:46Z DEBUG Process finished, return code=0
2019-12-06T08:42:46Z DEBUG stdout=add objectClass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    IPA Topology Configuration
add nsslapd-pluginPath:
    libtopology
add nsslapd-pluginInitfunc:
    ipa_topo_init
add nsslapd-pluginType:
    object
add nsslapd-pluginEnabled:
    on
add nsslapd-topo-plugin-shared-config-base:
    cn=ipa,cn=etc,dc=rnd,dc=test,dc=net
add nsslapd-topo-plugin-shared-replica-root:
    dc=rnd,dc=test,dc=net
    o=ipaca
add nsslapd-topo-plugin-shared-binddngroup:
    cn=replication managers,cn=sysaccounts,cn=etc,dc=rnd,dc=test,dc=net
add nsslapd-topo-plugin-startup-delay:
    20
add nsslapd-pluginId:
    none
add nsslapd-plugin-depends-on-named:
    ldbm database
    Multimaster Replication Plugin
add nsslapd-pluginVersion:
    1.0
add nsslapd-pluginVendor:
    none
add nsslapd-pluginDescription:
    none
adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:46Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:46Z DEBUG   duration: 0 seconds
2019-12-06T08:42:46Z DEBUG   [19/44]: creating indices
2019-12-06T08:42:46Z DEBUG Starting external process
2019-12-06T08:42:46Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/indices.ldif -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:46Z DEBUG Process finished, return code=0
2019-12-06T08:42:46Z DEBUG stdout=add objectClass:
    top
    nsIndex
add cn:
    krbPrincipalName
add nsSystemIndex:
    false
add nsIndexType:
    eq
    sub
add nsMatchingRule:
    caseIgnoreIA5Match
    caseExactIA5Match
adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    ou
add nsSystemIndex:
    false
add nsIndexType:
    eq
    sub
adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    carLicense
add nsSystemIndex:
    false
add nsIndexType:
    eq
    sub
adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    title
add nsSystemIndex:
    false
add nsIndexType:
    eq
    sub
adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    manager
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    secretary
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    displayname
add nsSystemIndex:
    false
add nsIndexType:
    eq
    sub
adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add nsIndexType:
    sub
modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    uidnumber
add nsSystemIndex:
    false
add nsIndexType:
    eq
add nsMatchingRule:
    integerOrderingMatch
adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    gidnumber
add nsSystemIndex:
    false
add nsIndexType:
    eq
add nsMatchingRule:
    integerOrderingMatch
adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

replace nsIndexType:
    eq
    pres
modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

replace nsIndexType:
    eq
    pres
modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add ObjectClass:
    top
    nsIndex
add cn:
    fqdn
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add ObjectClass:
    top
    nsIndex
add cn:
    macAddress
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    memberHost
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    memberUser
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    sourcehost
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    memberservice
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    managedby
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    memberallowcmd
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    memberdenycmd
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    ipasudorunas
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    ipasudorunasgroup
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    automountkey
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    automountMapName
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
adding new entry "cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    ipaConfigString
add objectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
adding new entry "cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    ipaEnabledFlag
add objectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
adding new entry "cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    ipaKrbAuthzData
add objectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    sub
adding new entry "cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    ipakrbprincipalalias
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    ipauniqueid
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    ipaMemberCa
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    ipaMemberCertProfile
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    userCertificate
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    ipalocation
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    krbCanonicalName
add objectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    sub
adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    serverhostname
add objectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    sub
adding new entry "cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    description
add objectClass:
    top
    nsindex
add nssystemindex:
    false
add nsindextype:
    eq
    sub
adding new entry "cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    l
add objectClass:
    top
    nsindex
add nssystemindex:
    false
add nsindextype:
    eq
    sub
adding new entry "cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    nsOsVersion
add objectClass:
    top
    nsindex
add nssystemindex:
    false
add nsindextype:
    eq
    sub
adding new entry "cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    nsHardwarePlatform
add objectClass:
    top
    nsindex
add nssystemindex:
    false
add nsindextype:
    eq
    sub
adding new entry "cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    nsHostLocation
add objectClass:
    top
    nsindex
add nssystemindex:
    false
add nsindextype:
    eq
    sub
adding new entry "cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    ipServicePort
add objectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
adding new entry "cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    accessRuleType
add objectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
adding new entry "cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    hostCategory
add objectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
adding new entry "cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
    idnsName
add objectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
adding new entry "cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:46Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:46Z DEBUG   duration: 0 seconds
2019-12-06T08:42:46Z DEBUG   [20/44]: enabling referential integrity plugin
2019-12-06T08:42:46Z DEBUG Starting external process
2019-12-06T08:42:46Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/referint-conf.ldif -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:46Z DEBUG Process finished, return code=0
2019-12-06T08:42:46Z DEBUG stdout=replace nsslapd-pluginenabled:
    on
modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:46Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:46Z DEBUG   duration: 0 seconds
2019-12-06T08:42:46Z DEBUG   [21/44]: configuring certmap.conf
2019-12-06T08:42:46Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2019-12-06T08:42:46Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2019-12-06T08:42:46Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
2019-12-06T08:42:46Z DEBUG   duration: 0 seconds
2019-12-06T08:42:46Z DEBUG   [22/44]: configure new location for managed entries
2019-12-06T08:42:46Z DEBUG Starting external process
2019-12-06T08:42:46Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpZTcfqq -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:46Z DEBUG Process finished, return code=0
2019-12-06T08:42:46Z DEBUG stdout=add nsslapd-pluginConfigArea:
    cn=Definitions,cn=Managed Entries,cn=etc,dc=rnd,dc=test,dc=net
modifying entry "cn=Managed Entries,cn=plugins,cn=config"
modify complete


2019-12-06T08:42:46Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:46Z DEBUG   duration: 0 seconds
2019-12-06T08:42:46Z DEBUG   [23/44]: configure dirsrv ccache
2019-12-06T08:42:46Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv'
2019-12-06T08:42:46Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2019-12-06T08:42:46Z DEBUG Starting external process
2019-12-06T08:42:46Z DEBUG args=/usr/sbin/selinuxenabled
2019-12-06T08:42:46Z DEBUG Process finished, return code=0
2019-12-06T08:42:46Z DEBUG stdout=
2019-12-06T08:42:46Z DEBUG stderr=
2019-12-06T08:42:46Z DEBUG Starting external process
2019-12-06T08:42:46Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv
2019-12-06T08:42:46Z DEBUG Process finished, return code=0
2019-12-06T08:42:46Z DEBUG stdout=
2019-12-06T08:42:46Z DEBUG stderr=
2019-12-06T08:42:46Z DEBUG   duration: 0 seconds
2019-12-06T08:42:46Z DEBUG   [24/44]: enabling SASL mapping fallback
2019-12-06T08:42:46Z DEBUG Starting external process
2019-12-06T08:42:46Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpaCwVem -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:46Z DEBUG Process finished, return code=0
2019-12-06T08:42:46Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback:
    on
modifying entry "cn=config"
modify complete


2019-12-06T08:42:46Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:46Z DEBUG   duration: 0 seconds
2019-12-06T08:42:46Z DEBUG   [25/44]: restarting directory server
2019-12-06T08:42:46Z DEBUG Destroyed connection context.ldap2_140408339029712
2019-12-06T08:42:46Z DEBUG Starting external process
2019-12-06T08:42:46Z DEBUG args=/bin/systemctl --system daemon-reload
2019-12-06T08:42:46Z DEBUG Process finished, return code=0
2019-12-06T08:42:46Z DEBUG stdout=
2019-12-06T08:42:46Z DEBUG stderr=
2019-12-06T08:42:46Z DEBUG Starting external process
2019-12-06T08:42:46Z DEBUG args=/bin/systemctl restart dirsrv@RND-TEST-NET.service
2019-12-06T08:42:54Z DEBUG Process finished, return code=0
2019-12-06T08:42:54Z DEBUG stdout=
2019-12-06T08:42:54Z DEBUG stderr=
2019-12-06T08:42:54Z DEBUG Starting external process
2019-12-06T08:42:54Z DEBUG args=/bin/systemctl is-active dirsrv@RND-TEST-NET.service
2019-12-06T08:42:54Z DEBUG Process finished, return code=0
2019-12-06T08:42:54Z DEBUG stdout=active

2019-12-06T08:42:54Z DEBUG stderr=
2019-12-06T08:42:54Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2019-12-06T08:42:54Z DEBUG waiting for port: 389
2019-12-06T08:42:54Z DEBUG SUCCESS: port: 389
2019-12-06T08:42:54Z DEBUG Restart of dirsrv@RND-TEST-NET.service complete
2019-12-06T08:42:54Z DEBUG Starting external process
2019-12-06T08:42:54Z DEBUG args=/bin/systemctl is-active dirsrv@RND-TEST-NET.service
2019-12-06T08:42:54Z DEBUG Process finished, return code=0
2019-12-06T08:42:54Z DEBUG stdout=active

2019-12-06T08:42:54Z DEBUG stderr=
2019-12-06T08:42:54Z DEBUG Created connection context.ldap2_140408339029712
2019-12-06T08:42:54Z DEBUG   duration: 7 seconds
2019-12-06T08:42:54Z DEBUG   [26/44]: adding sasl mappings to the directory
2019-12-06T08:42:54Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket from SchemaCache
2019-12-06T08:42:54Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7fb36ef02488>
2019-12-06T08:42:55Z DEBUG   duration: 0 seconds
2019-12-06T08:42:55Z DEBUG   [27/44]: adding default layout
2019-12-06T08:42:55Z DEBUG Starting external process
2019-12-06T08:42:55Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpGE7Jww -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:55Z DEBUG Process finished, return code=0
2019-12-06T08:42:55Z DEBUG stdout=add objectClass:
    top
    nsContainer
add cn:
    accounts
adding new entry "cn=accounts,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    users
adding new entry "cn=users,cn=accounts,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    groups
adding new entry "cn=groups,cn=accounts,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    services
adding new entry "cn=services,cn=accounts,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    computers
adding new entry "cn=computers,cn=accounts,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    hostgroups
adding new entry "cn=hostgroups,cn=accounts,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    ipservices
adding new entry "cn=ipservices,cn=accounts,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
add cn:
    alt
adding new entry "cn=alt,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
add cn:
    ng
adding new entry "cn=ng,cn=alt,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
add cn:
    automount
adding new entry "cn=automount,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
add cn:
    default
adding new entry "cn=default,cn=automount,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    automountMap
add automountMapName:
    auto.master
adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    automountMap
add automountMapName:
    auto.direct
adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    automount
add automountKey:
    /-
add automountInformation:
    auto.direct
add description:
    /- auto.direct
adding new entry "description=/- auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    hbac
adding new entry "cn=hbac,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    hbacservices
adding new entry "cn=hbacservices,cn=hbac,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    hbacservicegroups
adding new entry "cn=hbacservicegroups,cn=hbac,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    sudo
adding new entry "cn=sudo,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    sudocmds
adding new entry "cn=sudocmds,cn=sudo,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    sudocmdgroups
adding new entry "cn=sudocmdgroups,cn=sudo,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    sudorules
adding new entry "cn=sudorules,cn=sudo,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    etc
adding new entry "cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    locations
adding new entry "cn=locations,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    sysaccounts
adding new entry "cn=sysaccounts,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    ipa
adding new entry "cn=ipa,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    masters
adding new entry "cn=masters,cn=ipa,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    replicas
adding new entry "cn=replicas,cn=ipa,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    dna
adding new entry "cn=dna,cn=ipa,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    posix-ids
adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    ca_renewal
adding new entry "cn=ca_renewal,cn=ipa,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    certificates
adding new entry "cn=certificates,cn=ipa,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    custodia
adding new entry "cn=custodia,cn=ipa,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    dogtag
adding new entry "cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    s4u2proxy
adding new entry "cn=s4u2proxy,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    ipaKrb5DelegationACL
    groupOfPrincipals
    top
add cn:
    ipa-http-delegation
add memberPrincipal:
    HTTP/freeipa.rnd.test.net@RND.TEST.NET
add ipaAllowedTarget:
    cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rnd,dc=test,dc=net
    cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rnd,dc=test,dc=net
adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    groupOfPrincipals
    top
add cn:
    ipa-ldap-delegation-targets
add memberPrincipal:
    ldap/freeipa.rnd.test.net@RND.TEST.NET
adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    groupOfPrincipals
    top
add cn:
    ipa-cifs-delegation-targets
adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    person
    posixaccount
    krbprincipalaux
    krbticketpolicyaux
    inetuser
    ipaobject
    ipasshuser
add uid:
    admin
add krbPrincipalName:
    admin@RND.TEST.NET
add cn:
    Administrator
add sn:
    Administrator
add uidNumber:
    0
add gidNumber:
    0
add homeDirectory:
    /home/admin
add loginShell:
    /bin/bash
add gecos:
    Administrator
add nsAccountLock:
    FALSE
add ipaUniqueID:
    autogenerate
adding new entry "uid=admin,cn=users,cn=accounts,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    groupofnames
    posixgroup
    ipausergroup
    ipaobject
add cn:
    admins
add description:
    Account administrators group
add gidNumber:
    0
add member:
    uid=admin,cn=users,cn=accounts,dc=rnd,dc=test,dc=net
add nsAccountLock:
    FALSE
add ipaUniqueID:
    autogenerate
adding new entry "cn=admins,cn=groups,cn=accounts,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    groupofnames
    nestedgroup
    ipausergroup
    ipaobject
add description:
    Default group for all users
add cn:
    ipausers
add ipaUniqueID:
    autogenerate
adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    groupofnames
    posixgroup
    ipausergroup
    ipaobject
add gidNumber:
    2
add description:
    Limited admins who can edit other users
add cn:
    editors
add ipaUniqueID:
    autogenerate
adding new entry "cn=editors,cn=groups,cn=accounts,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    groupOfNames
    nestedGroup
    ipaobject
    ipahostgroup
add description:
    IPA server hosts
add cn:
    ipaservers
add ipaUniqueID:
    autogenerate
adding new entry "cn=ipaservers,cn=hostgroups,cn=accounts,dc=rnd,dc=test,dc=net"
modify complete

add objectclass:
    ipahbacservice
    ipaobject
add cn:
    sshd
add description:
    sshd
add ipauniqueid:
    autogenerate
adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=rnd,dc=test,dc=net"
modify complete

add objectclass:
    ipahbacservice
    ipaobject
add cn:
    ftp
add description:
    ftp
add ipauniqueid:
    autogenerate
adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=rnd,dc=test,dc=net"
modify complete

add objectclass:
    ipahbacservice
    ipaobject
add cn:
    su
add description:
    su
add ipauniqueid:
    autogenerate
adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=rnd,dc=test,dc=net"
modify complete

add objectclass:
    ipahbacservice
    ipaobject
add cn:
    login
add description:
    login
add ipauniqueid:
    autogenerate
adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=rnd,dc=test,dc=net"
modify complete

add objectclass:
    ipahbacservice
    ipaobject
add cn:
    su-l
add description:
    su with login shell
add ipauniqueid:
    autogenerate
adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=rnd,dc=test,dc=net"
modify complete

add objectclass:
    ipahbacservice
    ipaobject
add cn:
    sudo
add description:
    sudo
add ipauniqueid:
    autogenerate
adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=rnd,dc=test,dc=net"
modify complete

add objectclass:
    ipahbacservice
    ipaobject
add cn:
    sudo-i
add description:
    sudo-i
add ipauniqueid:
    autogenerate
adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=rnd,dc=test,dc=net"
modify complete

add objectclass:
    ipahbacservice
    ipaobject
add cn:
    systemd-user
add description:
    pam_systemd and systemd user@.service
add ipauniqueid:
    autogenerate
adding new entry "cn=systemd-user,cn=hbacservices,cn=hbac,dc=rnd,dc=test,dc=net"
modify complete

add objectclass:
    ipahbacservice
    ipaobject
add cn:
    gdm
add description:
    gdm
add ipauniqueid:
    autogenerate
adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=rnd,dc=test,dc=net"
modify complete

add objectclass:
    ipahbacservice
    ipaobject
add cn:
    gdm-password
add description:
    gdm-password
add ipauniqueid:
    autogenerate
adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=rnd,dc=test,dc=net"
modify complete

add objectclass:
    ipahbacservice
    ipaobject
add cn:
    kdm
add description:
    kdm
add ipauniqueid:
    autogenerate
adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    ipaobject
    ipahbacservicegroup
    nestedGroup
    groupOfNames
    top
add cn:
    Sudo
add ipauniqueid:
    autogenerate
add description:
    Default group of Sudo related services
add member:
    cn=sudo,cn=hbacservices,cn=hbac,dc=rnd,dc=test,dc=net
    cn=sudo-i,cn=hbacservices,cn=hbac,dc=rnd,dc=test,dc=net
adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
    ipaGuiConfig
    ipaConfigObject
add ipaUserSearchFields:
    uid,givenname,sn,telephonenumber,ou,title
add ipaGroupSearchFields:
    cn,description
add ipaSearchTimeLimit:
    2
add ipaSearchRecordsLimit:
    100
add ipaHomesRootDir:
    /home
add ipaDefaultLoginShell:
    /bin/sh
add ipaDefaultPrimaryGroup:
    ipausers
add ipaMaxUsernameLength:
    32
add ipaPwdExpAdvNotify:
    4
add ipaGroupObjectClasses:
    top
    groupofnames
    nestedgroup
    ipausergroup
    ipaobject
add ipaUserObjectClasses:
    top
    person
    organizationalperson
    inetorgperson
    inetuser
    posixaccount
    krbprincipalaux
    krbticketpolicyaux
    ipaobject
    ipasshuser
add ipaDefaultEmailDomain:
    rnd.test.net
add ipaMigrationEnabled:
    FALSE
add ipaConfigString:
    AllowNThash
    KDC:Disable Last Success
add ipaSELinuxUserMapOrder:
    guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
add ipaSELinuxUserMapDefault:
    unconfined_u:s0-s0:c0.c1023
adding new entry "cn=ipaConfig,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectclass:
    top
    nsContainer
add cn:
    cosTemplates
adding new entry "cn=cosTemplates,cn=accounts,dc=rnd,dc=test,dc=net"
modify complete

add description:
    Password Policy based on group membership
add objectClass:
    top
    ldapsubentry
    cosSuperDefinition
    cosClassicDefinition
add cosTemplateDn:
    cn=cosTemplates,cn=accounts,dc=rnd,dc=test,dc=net
add cosAttribute:
    krbPwdPolicyReference override
add cosSpecifier:
    memberOf
adding new entry "cn=Password Policy,cn=accounts,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    selinux
adding new entry "cn=selinux,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    usermap
adding new entry "cn=usermap,cn=selinux,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    nsContainer
add cn:
    ranges
adding new entry "cn=ranges,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    top
    ipaIDrange
    ipaDomainIDRange
add cn:
    RND.TEST.NET_id_range
add ipaBaseID:
    0
add ipaIDRangeSize:
    100000000
add ipaRangeType:
    ipa-local
adding new entry "cn=RND.TEST.NET_id_range,cn=ranges,cn=etc,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    ca
adding new entry "cn=ca,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    certprofiles
adding new entry "cn=certprofiles,cn=ca,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    caacls
adding new entry "cn=caacls,cn=ca,dc=rnd,dc=test,dc=net"
modify complete

add objectClass:
    nsContainer
    top
add cn:
    cas
adding new entry "cn=cas,cn=ca,dc=rnd,dc=test,dc=net"
modify complete


2019-12-06T08:42:55Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2019-12-06T08:42:55Z DEBUG   duration: 0 seconds
2019-12-06T08:42:55Z DEBUG   [28/44]: adding delegation layout
2019-12-06T08:42:55Z DEBUG Starting external process
2019-12-06T08:42:55Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp5al6DX -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL
2019-12-06T08:42:55Z DEBUG Process finished, return code=50
2019-12-06T08:42:55Z DEBUG stdout=add objectClass:
    top
    nsContainer
add cn:
    roles
adding new entry "cn=roles,cn=accounts,dc=rnd,dc=test,dc=net"


2019-12-06T08:42:55Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RND-TEST-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldap_add: Insufficient access (50)
    additional info: Insufficient 'add' privilege to add the entry 'cn=roles,cn=accounts,dc=rnd,dc=test,dc=net'.


2019-12-06T08:42:55Z CRITICAL Failed to load delegation.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmp5al6DX -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL' returned non-zero exit status 50
2019-12-06T08:42:55Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 567, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 557, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 963, in __add_delegation_layout
    self._ldap_mod("delegation.ldif", self.sub_dict)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 370, in _ldap_mod
    ipautil.run(args, nolog=nologlist)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 563, in run
    raise CalledProcessError(p.returncode, arg_string, str(output))
CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmp5al6DX -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL' returned non-zero exit status 50

2019-12-06T08:42:55Z DEBUG   [error] CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmp5al6DX -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL' returned non-zero exit status 50
2019-12-06T08:42:55Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, in run
    return cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 360, in run
    return self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 386, in execute
    for rval in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 655, in _configure
    next(executor)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 515, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 65, in _install
    for unused in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", line 590, in main
    master_install(self)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 250, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 783, in install
    setup_pkinit=not options.no_pkinit)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 345, in create_instance
    self.start_creation(runtime=30)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 567, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 557, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 963, in __add_delegation_layout
    self._ldap_mod("delegation.ldif", self.sub_dict)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 370, in _ldap_mod
    ipautil.run(args, nolog=nologlist)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 563, in run
    raise CalledProcessError(p.returncode, arg_string, str(output))

2019-12-06T08:42:55Z DEBUG The ipa-server-install command failed, exception: CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmp5al6DX -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL' returned non-zero exit status 50
2019-12-06T08:42:55Z ERROR Command '/usr/bin/ldapmodify -v -f /tmp/tmp5al6DX -H ldapi://%2fvar%2frun%2fslapd-RND-TEST-NET.socket -Y EXTERNAL' returned non-zero exit status 50
2019-12-06T08:42:55Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

Hi,
I suspect your issue happens because of the option --idstart 00000000. The uids are assigned starting from this number, meaning that the user admin (the first one created) will get uid=0 which is conflicting with the root user id=0.
When authentication happens on the ldapi interface, the server tries to find an entry with the uid of the user. Usually we don't have any FreeIPA user with uid=0, and in this case ldapi detects that the user is root and binds as cn=Directory Manager (see ldapi and autobind).
Here the server finds an entry (admin) with uid=0 and admin does not have the same access rights, which results in the failure.
Could you retry with a different --idstart value, or even remove this option (in this case a random value > 200000 will be used).

Another comment: if you have installed the server without DNS and you later want to have a DNS, you can use ipa-dns-install on your running server. No need to uninstall everything and start over.

Thanks, it works.
My second install not only connects to DNS but also needs to connect to Windows AD as a subdomain and to replan the IPA domain and hostname, so I think I must reinstall it.

Metadata Update from @rcritten:
- Issue close_status updated to: invalid
- Issue status updated to: Closed (was: Open)

2 years ago

It occurs to me we should prevent specifying idstart == 0, re-opening.

Metadata Update from @rcritten:
- Issue priority set to: normal
- Issue set to the milestone: FreeIPA 4.8.4
- Issue status updated to: Open (was: Closed)
- Issue tagged with: Falcon, easyfix

2 years ago

SGTM

PR https://github.com/freeipa/freeipa/pull/4003 requires idstart to be larger than UID_MAX / GID_MAX from /etc/login.defs.

Metadata Update from @cheimes:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/4003

2 years ago

master:

  • 44b3791 Require idstart to be larger than UID_MAX

ipa-4-8:

  • 6a95373 Require idstart to be larger than UID_MAX

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago
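
A pre-install check along the lines of the fix discussed in this ticket, as an added example (it is not the code from PR 4003 or from FreeIPA): it rejects an --idstart that is 0 or not larger than UID_MAX / GID_MAX. The function names, the fallback limit and the embedded login.defs sample are assumptions made for illustration.

```python
import re

# Constructed sample of /etc/login.defs, embedded so the example runs offline.
# On a real host, read the file contents and pass them in instead.
SAMPLE_LOGIN_DEFS = """\
# Min/max values for automatic uid selection in useradd
UID_MIN                  1000
UID_MAX                 60000   # highest locally assigned uid
SYS_UID_MIN               201
SYS_UID_MAX               999
GID_MIN                  1000
GID_MAX                 60000
"""

# Assumption: limit applied when login.defs does not set UID_MAX or GID_MAX.
FALLBACK_MAX = 60000


def parse_login_defs(text):
    """Return {KEY: int} for numeric settings, skipping comments and blanks."""
    values = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.match(r"^([A-Z_]+)\s+(\d+)$", line)
        if match:
            values[match.group(1)] = int(match.group(2))
    return values


def check_id_range(idstart, idmax, login_defs_text):
    """Return a list of problems with the requested ID range (empty means OK)."""
    defs = parse_login_defs(login_defs_text)
    start = int(idstart)  # "00000000" parses to 0, as the install log shows
    end = int(idmax)
    problems = []
    if start == 0:
        # The first IPA user (admin) would be created with uidNumber=0, so an
        # ldapi bind by local root maps to that entry, not Directory Manager.
        problems.append("idstart is 0: admin would collide with root (uid 0)")
    for key in ("UID_MAX", "GID_MAX"):
        limit = defs.get(key, FALLBACK_MAX)
        if start <= limit:
            problems.append(
                "idstart %d must be larger than %s (%d)" % (start, key, limit)
            )
    if end < start:
        problems.append("idmax %d is smaller than idstart %d" % (end, start))
    return problems


if __name__ == "__main__":
    # Values from the reporter's command line, then a range above UID_MAX.
    for args in (("00000000", "99999999"), ("200000", "399999")):
        issues = check_id_range(args[0], args[1], SAMPLE_LOGIN_DEFS)
        print(args, "OK" if not issues else issues)
```
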
