The dirsrv log just shows a bunch of the following:
[13/Oct/2017:14:32:07.132312021 -0600] - ERR - slapi_ldap_bind - Error:
could not bind id [cn=Replication Manager cloneAgreement1-ipa,ou=csusers,cn=config] authentication mechanism
[SIMPLE]: error 32 (No such object)

That makes sense though since pki-tomcat won't start.  Rob was asking what
was in the logs located at /var/log/pki/pki-tomcat/ca/debug, but that path
doesn't exist on any of my IPA servers.  He said that would normally be the
first place to look.  Hence, I am looking for other solutions.

On Thu, Oct 26, 2017 at 12:37 PM, Jochen Hein <> wrote:

> Kristian Petersen via FreeIPA-users
> <> writes:
> > When I recently updated one of my IPA servers (it reports
> > 4.5.0-21.el7_4.1.2 in yum), the result was that it could not start back
> up
> > because pki-tomcatd kept failing.  I was able to get it running for now
> by
> > ignoring the failure of that one service, but I haven't been able to to
> > determine the cause.  The logs are pretty quiet on this one.  They show
> the
> > failure itself, but not information that helps me fix the problem.
> Can you show the relevant logs?  Is there something in the dirsrv logs
> at that time?  CA logs aren't easy to read, but should give at least a
> hint where to look further.
> Jochen
> --
> This space is intentionally left blank.

Kristian Petersen
System Administrator
Dept. of Chemistry and Biochemistry
FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to