Gentle bump (whilst I remember to nudge this).

TL;DR
Does anyone know the likely implications of error messages such as:

"Setting property 'enableOCSP' to 'false' did not find a matching property."
(then repeated for several other properties)

On 4 January 2018 at 14:52, David Harvey <davidchar...@googlemail.com>
wrote:

> Point No.2 Is now sorted. It was the old missing Subject Alternative Name
> extension in certificate problem (which I had only seen with https until
> now!).
> I would still love to know if I need to live in fear of the other errors
> though :)
>
> On 4 January 2018 at 12:25, David Harvey <davidchar...@googlemail.com>
> wrote:
>
>> Dear list,
>>
>> In trying to escape from the various issues facing the ubuntu freeipa, I
>> attempted to make the switch to Fedora 26 (same freeipa version 4.4.4).
>>
>> This seemed to go well (adding new replica first, and then replacing the
>> ubuntu based installs), but I notice on my fedora boxes several warnings in
>> /v/l/messages (pasted below).  Firstly, are these harmful, and what might I
>> need to rectify!? I have a half baked theory that this might relate to some
>> of the aspects that were broken in ubuntu and carrying their breakage
>> across to the new platform!
>>
>> Secondly - could they relate to an issue I am seeing where one specific
>> LDAPS client application is failing to verify the ldap server cert (even
>> thought other clients are quite happy talking to it) since the ipa server
>> reinstall?
>>
>> Advice appreciated, thank you in advance!
>>
>> David
>>
>>
>>
>>
>> Jan  4 11:53:09 ipa3 server[1357]: WARNING: Problem with JAR file
>> [/usr/share/pki/server/common/lib/symkey.jar], exists: [false], canRead:
>> [false]
>> Jan  4 11:53:09 ipa3 ntpd[1200]: Soliciting pool server 45.79.111.114
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'enableOCSP' to 'false' did not find a matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'ocspResponderURL' to 'http://ipa3.thomac.net:9080/c
>> a/ocsp' did not find a matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'ocspResponderCertNickname' to 'ocspSigningCert
>> cert-pki-ca' did not find a matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'ocspCacheSize' to '1000' did not find a matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'ocspMinCacheEntryDuration' to '60' did not find a
>> matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'ocspMaxCacheEntryDuration' to '120' did not find a
>> matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'ocspTimeout' to '10' did not find a matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'strictCiphers' to 'true' did not find a matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'sslOptions' to 'ssl2=false,ssl3=false,tls=true' did
>> not find a matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'ssl2Ciphers' to '-SSL2_RC4_128_WITH_MD5,-SSL2_
>> RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_
>> RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-
>> SSL2_DES_192_EDE3_CBC_WITH_MD5' did not find a matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'ssl3Ciphers' to '-SSL3_FORTEZZA_DMS_WITH_NULL_
>> SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_
>> 128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_
>> 3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_
>> EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZ
>> A_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_
>> WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_
>> EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_
>> CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA' did not find a matching
>> property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'tlsCiphers' to '-TLS_ECDH_ECDSA_WITH_AES_128_
>> CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_
>> WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>> +TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_
>> AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+
>> TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,
>> +TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_3DES_
>> EDE_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_
>> ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_
>> 128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_
>> DSS_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_DSS_WITH_AES_128_CBC_S
>> HA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_
>> EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
>> did not find a matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'sslVersionRangeStream' to 'tls1_0:tls1_2' did not find a
>> matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'sslVersionRangeDatagram' to 'tls1_1:tls1_2' did not find
>> a matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'sslRangeCiphers' to '-TLS_ECDH_ECDSA_WITH_AES_128_
>> CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_
>> WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>> -TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_
>> AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-
>> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_
>> AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_
>> AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_
>> DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_
>> SHA,-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_RSA_WITH_
>> AES_128_CBC_SHA,-TLS_DHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_
>> RSA_WITH_AES_128_CBC_SHA256,-TLS_DHE_RSA_WITH_AES_256_CBC_
>> SHA256,-TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_
>> WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_
>> SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_
>> ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_
>> GCM_SHA256,-TLS_RSA_WITH_AES_128_CBC_SHA256,-TLS_RSA_WITH_
>> AES_256_CBC_SHA256,-TLS_RSA_WITH_AES_128_GCM_SHA256,+TLS_
>> RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA'
>> did not find a matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'serverCertNickFile' to 
>> '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf'
>> did not find a matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'passwordFile' to 
>> '/var/lib/pki/pki-tomcat/conf/password.conf'
>> did not find a matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'passwordClass' to 
>> 'org.apache.tomcat.util.net.jss.PlainPasswordFile'
>> did not find a matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetAllPropertiesRule]{Server/Service/Connector}
>> Setting property 'certdbDir' to '/var/lib/pki/pki-tomcat/alias' did not
>> find a matching property.
>> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
>> [SetPropertiesRule]{Server/Service/Engine/Host/Valve}
>> Setting property 'resolveHosts' to 'false' did not find a matching property.
>>
>>
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to