> On 22 Jul 2015, at 18:40, Alexander Bokovoy <aboko...@redhat.com> wrote:
>
> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>
>>> On 22 Jul 2015, at 18:08, Alexander Bokovoy <aboko...@redhat.com> wrote:
>>>
>>> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>>>> from both servers?
>>>>
>>>> Server 1:
>>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: (
>>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: (
>>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>
>>>> Server 2:
>>>> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
>>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: (
>>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: (
>>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>
>>>>>
>>>>> With correct setup IPA 4.x should show:
>>>>> /etc/dirsrv/schema/00core.ldif:attributeTypes: (
>>>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>> /etc/dirsrv/slapd-EXAMPLE-COM/schema/00core.ldif:attributeTypes: (
>>>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>>
>>>>> I.e. there are two lines -- in the default schema and in the IPA
>>>>> instance schema.
>>>>
>>>> Seems to be good?
>>> Yes. Can you get a new set of logs on 'ipactl start'?
>>>
>>> --
>>> / Alexander Bokovoy
>>
>> Sorry, the log is very long… I can format differently if you need.
> Thanks, no need for more logs right now.
>
> What I see from these logs:
> - Directory server starts just fine but serves only port 389
> - krb5kdc starts just fine and works fine with LDAP server
> - Dogtag tries to use LDAP server via port 636 and fails
>
> We need to see why port 636 is disabled.
>
> Can you grep /etc/dirsrv/slapd-NUMEEZY-FR/dse.ldif for following
> attributes:
> nsslapd-security
> nsslapd-port
>
> They should be 'on' and '389' correspondingly.
>
> --
> / Alexander Bokovoy

Here is the result (on both servers):

# grep nsslapd-security /etc/dirsrv/slapd-NUMEEZY-FR/dse.ldif
nsslapd-security: on
# grep nsslapd-port /etc/dirsrv/slapd-NUMEEZY-FR/dse.ldif
nsslapd-port: 389

Notice that ns-slapd is listening on port 636:

# netstat -antp|grep '636\|389'|grep LISTEN
tcp6 0 0 :::389 :::* LISTEN 12271/ns-slapd
tcp6 0 0 :::636 :::* LISTEN 12271/ns-slapd
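
The dse.ldif check requested in this thread, written as an added example that is not part of the original messages or of FreeIPA: it reads nsslapd-security and nsslapd-port from the cn=config entry only, joins LDIF folded lines first, and compares them with the 'on' and '389' values given above. The helper names (dse_attr, check_dse, write_sample) are hypothetical and the sample dse.ldif content is constructed.

```shell
#!/bin/sh
# Added example: read cn=config attributes from a 389-DS dse.ldif.
# dse_attr, check_dse and write_sample are hypothetical helper names.

dse_attr() {   # $1 = dse.ldif path, $2 = attribute name (case-insensitive)
    awk -v want="$2" '
        function emit(   v, n) {
            if (line == "") return
            if (tolower(line) ~ /^dn:/) {          # new entry: is it cn=config?
                v = line; sub(/^[^:]*:[ \t]*/, "", v)
                in_cfg = (tolower(v) == "cn=config")
            } else if (in_cfg) {
                n = index(line, ":")
                if (n && tolower(substr(line, 1, n - 1)) == tolower(want)) {
                    v = substr(line, n + 1); sub(/^[ \t]+/, "", v); print v
                }
            }
            line = ""
        }
        /^ / { line = line substr($0, 2); next }   # LDIF folded continuation
             { emit(); line = $0 }
        END  { emit() }
    ' "$1"
}

check_dse() {  # succeeds only if both values match what the thread expects
    sec=$(dse_attr "$1" nsslapd-security)
    port=$(dse_attr "$1" nsslapd-port)
    echo "nsslapd-security=$sec nsslapd-port=$port"
    [ "$sec" = "on" ] && [ "$port" = "389" ]
}

write_sample() {  # constructed sample, $1 = output path, $2 = nsslapd-security
    cat > "$1" <<EOF
dn: cn=config
nsslapd-port: 389
nsslapd-security: $2
nsslapd-rootdn: cn=Directory
  Manager

dn: cn=encryption,cn=config
cn: encryption
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/good.ldif" on
write_sample "$tmp/bad.ldif" off
for f in "$tmp/good.ldif" "$tmp/bad.ldif"; do
    if check_dse "$f"; then echo "OK   $f"; else echo "FAIL $f"; fi
done
rm -rf "$tmp"
```

On a real server the path argument would be the instance file named in the thread, /etc/dirsrv/slapd-NUMEEZY-FR/dse.ldif.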