Ondrej Valousek wrote:
  Hi list,

I have a problem with my IPA server:

[root@polaris etc]# /etc/init.d/ipa start
Starting Directory Service
Starting dirsrv:
     EXAMPLE-COM...                                         [  OK  ]
     PKI-IPA...                                             [  OK  ]
Failed to read data from Directory Service: Unknown error when
retrieving list of services from LDAP: {'matched':
'cn=masters,cn=ipa,cn=etc,dc=example,dc=com', 'desc': 'No such object'}
Shutting down
Shutting down dirsrv:
     EXAMPLE-COM...                                         [  OK  ]
     PKI-IPA...                                             [  OK  ]

I am able to start the services (dirsrv, named, krb5kdc) separately
though and then read the configuration fine:

[root@polaris log]# kinit admin
Password for ad...@example.com:
[root@polaris etc]# ldapsearch -Y GSSAPI -h localhost -b
SASL/GSSAPI authentication started
SASL username: ad...@example.com
SASL data security layer installed.
# extended LDIF
# LDAPv3
# base <cn=masters,cn=ipa,cn=etc,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL

# masters, ipa, etc, example.com
dn: cn=masters,cn=ipa,cn=etc,dc=example,dc=com
objectClass: nsContainer
objectClass: top
cn: masters

# polaris.example.com, masters, ipa, etc, example.com
dn: cn=polaris.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com
objectClass: top
objectClass: nsContainer
cn: polaris.example.com

# CA, polaris.example.com, masters, ipa, etc, example.com
dn: cn=CA,cn=polaris.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com
objectClass: nsContainer
objectClass: ipaConfigObject
objectClass: top
ipaConfigString: enabledService
ipaConfigString: startOrder 50
cn: CA

Does it ring any bell to you?
Note that the IPA server was running fine right after the installation....

Is your hostname set to polaris.example.com or polaris (check /etc/sysconfig/network).

What we search for is cn=$FQDN,cn=masters,cn=etc

That explains the matched part. It matched everything except the hostname.


Freeipa-users mailing list

Reply via email to