> 
> Is there anything related to the connection error in dirsrv logs?
> 
> /var/log/dirsrv/slapd-EXAMPLE-COM/errors
> /var/log/dirsrv/slapd-EXAMPLE-COM/access
> -- 
> Petr Vobornik

Yes, there are errors in /var/log/dirsrv/slapd-EXAMPLE-COM/errors when I try to 
start with ipactl -f start:

==> errors <==
[20/Jul/2015:16:28:05 +0200] attr_syntax_create - Error: the EQUALITY matching 
rule [caseIgnoreIA5Match] is not compatible with the syntax 
[1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
[20/Jul/2015:16:28:05 +0200] attr_syntax_create - Error: the SUBSTR matching 
rule [caseIgnoreIA5SubstringsMatch] is not compatible with the syntax 
[1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
[20/Jul/2015:16:28:06 +0200] - SSL alert: nsTLS1 is on, but the version range 
is lower than "TLS1.0"; Configuring the version range as default min: TLS1.0, 
max: TLS1.2.
[20/Jul/2015:16:28:06 +0200] SSL Initialization - Configured SSL version range: 
min: TLS1.0, max: TLS1.2
[20/Jul/2015:16:28:06 +0200] - SSL alert: Configured NSS Ciphers
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       TLS_RSA_WITH_AES_128_CBC_SHA: 
enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       TLS_RSA_WITH_AES_256_CBC_SHA: 
enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:       TLS_RSA_WITH_SEED_CBC_SHA: 
enabled
[20/Jul/2015:16:28:06 +0200] - 389-Directory/1.3.3.1 B2015.118.1941 starting up
[20/Jul/2015:16:28:06 +0200] - WARNING: cache too small, increasing to 500K 
bytes
[20/Jul/2015:16:28:06 +0200] - WARNING -- Minimum cache size is 512000 -- 
rounding up
[20/Jul/2015:16:28:06 +0200] - WARNING -- Minimum cache size is 512000 -- 
rounding up
[20/Jul/2015:16:28:06 +0200] - WARNING -- Minimum cache size is 512000 -- 
rounding up
[20/Jul/2015:16:28:06 +0200] - WARNING -- Minimum cache size is 512000 -- 
rounding up
[20/Jul/2015:16:28:06 +0200] - WARNING -- Minimum cache size is 512000 -- 
rounding up
[20/Jul/2015:16:28:06 +0200] - WARNING -- Minimum cache size is 512000 -- 
rounding up
[20/Jul/2015:16:28:06 +0200] - WARNING: userRoot: entry cache size 512000B is 
less than db size 1384448B; We recommend to increase the entry cache size 
nsslapd-cachememsize.
[20/Jul/2015:16:28:06 +0200] - WARNING: ipaca: entry cache size 512000B is less 
than db size 20013056B; We recommend to increase the entry cache size 
nsslapd-cachememsize.
[20/Jul/2015:16:28:06 +0200] - WARNING: changelog: entry cache size 512000B is 
less than db size 9314304B; We recommend to increase the entry cache size 
nsslapd-cachememsize.
[20/Jul/2015:16:28:06 +0200] - I'm resizing my cache now...cache was 320000 and 
is now 400000
[20/Jul/2015:16:28:07 +0200] schema-compat-plugin - warning: no entries set up 
under cn=computers, cn=compat,dc=numeezy,dc=fr
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target 
cn=keys,cn=sec,cn=dns,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target 
cn=groups,cn=compat,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target 
cn=computers,cn=compat,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target 
cn=ng,cn=compat,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target 
ou=sudoers,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target 
cn=users,cn=compat,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target 
cn=ad,cn=etc,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target cn=casigningcert 
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target cn=casigningcert 
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target cn=automember rebuild 
membership,cn=tasks,cn=config does not exist
[20/Jul/2015:16:28:07 +0200] - Skipping CoS Definition cn=Password 
Policy,cn=accounts,dc=numeezy,dc=fr--no CoS Templates found, which should be 
added before the CoS Definition.
[20/Jul/2015:16:28:07 +0200] slapi_ldap_bind - Error: could not send startTLS 
request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is 
not connected)
[20/Jul/2015:16:28:07 +0200] NSMMReplicationPlugin - 
agmt="cn=cloneAgreement1-inf-ipa-2.numeezy.fr-pki-tomcat" (inf-ipa:7389): 
Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP 
server) ()
[20/Jul/2015:16:28:07 +0200] set_krb5_creds - Could not get initial credentials 
for principal [ldap/inf-ipa-2.numeezy...@numeezy.fr] in keytab 
[FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested 
realm)
[20/Jul/2015:16:28:07 +0200] slapd_ldap_sasl_interactive_bind - Error: could 
not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local 
error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  
Minor code may provide more information (No Kerberos credentials available)) 
errno 0 (Success)
[20/Jul/2015:16:28:07 +0200] slapi_ldap_bind - Error: could not perform 
interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local 
error)
[20/Jul/2015:16:28:07 +0200] NSMMReplicationPlugin - 
agmt="cn=meToinf-ipa.numeezy.fr" (inf-ipa:389): Replication bind with GSSAPI 
auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI 
Error: Unspecified GSS failure.  Minor code may provide more information (No 
Kerberos credentials available))
[20/Jul/2015:16:28:07 +0200] - Skipping CoS Definition cn=Password 
Policy,cn=accounts,dc=numeezy,dc=fr--no CoS Templates found, which should be 
added before the CoS Definition.
[20/Jul/2015:16:28:10 +0200] set_krb5_creds - Could not get initial credentials 
for principal [ldap/inf-ipa-2.numeezy...@numeezy.fr] in keytab 
[FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested 
realm)
[20/Jul/2015:16:28:10 +0200] slapi_ldap_bind - Error: could not send startTLS 
request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is 
not connected)
[20/Jul/2015:16:28:10 +0200] slapd_ldap_sasl_interactive_bind - Error: could 
not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local 
error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  
Minor code may provide more information (No Kerberos credentials available)) 
errno 0 (Success)
[20/Jul/2015:16:28:10 +0200] slapi_ldap_bind - Error: could not perform 
interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local 
error)
[20/Jul/2015:16:28:11 +0200] - slapd started.  Listening on All Interfaces port 
389 for LDAP requests
[20/Jul/2015:16:28:11 +0200] - Listening on All Interfaces port 636 for LDAPS 
requests
[20/Jul/2015:16:28:11 +0200] - Listening on /var/run/slapd-NUMEEZY-FR.socket 
for LDAPI requests
[20/Jul/2015:16:28:16 +0200] slapi_ldap_bind - Error: could not send startTLS 
request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is 
not connected)
[20/Jul/2015:16:28:16 +0200] NSMMReplicationPlugin - 
agmt="cn=meToinf-ipa.numeezy.fr" (inf-ipa:389): Replication bind with GSSAPI 
auth resumed
[20/Jul/2015:16:28:17 +0200] attr_syntax_create - Error: the EQUALITY matching 
rule [caseIgnoreIA5Match] is not compatible with the syntax 
[1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
[20/Jul/2015:16:28:17 +0200] attr_syntax_create - Error: the SUBSTR matching 
rule [caseIgnoreIA5SubstringsMatch] is not compatible with the syntax 
[1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
[20/Jul/2015:16:28:28 +0200] slapi_ldap_bind - Error: could not send startTLS 
request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is 
not connected)
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to