My master began life as OS 6.2 / IPA 2.1.3 / pki-9.0.3 and does not have a cert database at:
/etc/pki/pki-tomcat/alias At: /var/lib/pki-ca/alias subsystemCert cert-pki-ca has a serial number of 18 (0x12) At: uid=CA-$HOST-8443,ou=people,o=ipaca the certificate has a serial number of 4. What is the best way to fix this? If it matters, the master installation is old enough to have had its certs auto-renewed. Dennis -----Original Message----- From: Petr Vobornik [mailto:[email protected]] Sent: Friday, April 15, 2016 10:06 AM To: Ott, Dennis; [email protected] Subject: Re: [Freeipa-users] 7.x replica install from 6.x master fails On 04/15/2016 03:51 PM, Ott, Dennis wrote: > Looks like we're out of ideas. > > I'll proceed with Plan B. > A possibility is also to check if Serial number of certutil -d /etc/pki/pki-tomcat/alias -L -n 'subsystemCert cert-pki-ca' matches serial number of the cert below (4) and if uid=CA-$HOST-8443,ou=people,o=ipaca has actually the same cert in userCertificate attribute Or maybe to do the same with other PKI users in ou=people,o=ipaca > -----Original Message----- > From: Ott, Dennis > Sent: Monday, April 11, 2016 12:27 PM > To: Ott, Dennis; Petr Vobornik; [email protected] > Subject: RE: [Freeipa-users] 7.x replica install from 6.x master fails > > As a test, I attempted to do a replica install on a Fedora 23 machine. It > fails with the same error. > > Dennis > > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Ott, Dennis > Sent: Thursday, April 07, 2016 5:39 PM > To: Petr Vobornik; [email protected] > Subject: Re: [Freeipa-users] 7.x replica install from 6.x master fails > > It doesn't look like that is my problem. The output of pki-server > ca-group-member-find "Subsystem Group" gives: > > > User ID: CA-ptipa1.example.com-9443 > Common Name: CA-ptipa1.example.com-9443 > Surname: CA-ptipa1.example.com-9443 > Type: agentType > Description: 2;4;CN=Certificate Authority,O=EXAMPLE.COM;CN=CA > Subsystem,O=EXAMPLE.COM > E-mail: > > All the certs seem valid: > > # getcert list | grep expires > expires: 2017-07-18 00:55:14 UTC > expires: 2017-07-18 00:54:14 UTC > expires: 2017-07-18 00:54:14 UTC > expires: 2017-07-18 00:54:14 UTC > expires: 2017-07-18 00:54:14 UTC > expires: 2017-08-09 00:54:19 UTC > expires: 2017-08-09 00:54:19 UTC > expires: 2017-08-09 00:54:21 UTC # > > I was wondering if I might be hitting this: > > http://cp.mcafee.com/d/1jWVIi6x8SyMVuXzX0VMSrhhjhupjvvhdEEFELcFKcECPpI > SHoHZalxOVIsWqehMGDpMQsyGeWOPtfhktZy0GM-xEGYCXslsttJtVNxeSICPpISr9PCJh > bctZ2It9RFfQe00UX7_AJKjBoHYYvhjd79IQh1ysM3d40tY8iEq8zh0qf0XUgBjwNeoalI > l-BaMVsQv6QmhPPzNI5-Aq83iSbN_VbqnrFYq6BQQg3K3Ph17RzVmQQgixiuDDCy1Sdljh > 0VMuq85tFfUCy1Tp7QdK8CQPrNKVJUSyrh > http://cp.mcafee.com/d/5fHCNEg3zqb3BXKfI3D3pJ55d5VBdZZ4SyyCyYOCUOyrdCP > qJyLQFm7bCNPFEV72GtD3hOaEXHbdQZ5hTS82H3W6yHOrJNlNRSRTD64XqOrdCPpIDeqR4 > INTQaNQDmA_gU03yNmmjBoHYYhod7bVIQh1ysM3d40tY8iEq8zh0qf0XUgBjwNeoalIl-B > aMVsQv6QmhPPzNI5-Aq83iSbN_VbqnrFYq6BQQg3K3Ph17RzVmQQgixiuDDCy1Sdljh0VM > uq85tFfUCy1Tp7QdK8CQPrNKVJUSyrh > > It says it is fixed in pki 10.2.6. 10.2.6 has been released for Fedora (many > months ago), but is not yet available for enterprise. > > Dennis > > > > > -----Original Message----- > From: Petr Vobornik [mailto:[email protected]] > Sent: Thursday, April 07, 2016 10:56 AM > To: Ott, Dennis; [email protected] > Subject: Re: [Freeipa-users] 7.x replica install from 6.x master fails > > Sorry for the late response. > > It looks like a bug > http://cp.mcafee.com/d/1jWVIe4xAe3zqb3BXInd7b1EVdCQkkQnCkTTQjqaaqbParz > a9ISrdGSa_iBosKr7eLqaEF-waI47nQ7LQl8m7f2H3ab0Ggvhv5mtKqek4Q4hPEVwSrdCP > pesRG9px1IyaiffTE-wjSvbVgDkMaA6Of08iAwsyCqekhP0US5LD4Qg1CF2IoiaCy0Qub6 > qAaNx85hZ0DI-nd7NJ5CZNPxI5-Aq83iSbN_VbqnrFYq6BQQg3K3Ph17RzVmQQgixiuDDC > y1Sdljh0VMuq85tFfUCy1Tp7QdK8CQPrNKVJUSyrh > But it should be fixed in pki-core-9.0.3-45.el6_7 so I'm not sure. > > Anyway, > java.io.IOException: 2 actually means authentication failure. > > The authentication problem might be caused by a missing subsystem user > (bug #1225589) and there's already a tool to restore it. However, > before running the script, please run this command on the master to > verify the > problem: > > $ pki-server ca-group-member-find "Subsystem Group" > > Ideally it should return a user ID "CA-<hostname>-9443" and the description > attribute should contain the subsystem certificate in this format > "<version>;<serial>;<issuer DN>;<subject DN>". > > If that's not the case, please run this tool to restore the subsystem user: > > $ python /usr/share/pki/scripts/restore-subsystem-user.py > > Then run this command again to verify the fix: > > $ pki-server ca-group-member-find "Subsystem Group" > > If everything works well, please try installing the replica again. > > Also verify that all certificates in `getcert list` output are not expired. > > > On 03/31/2016 09:07 PM, Ott, Dennis wrote: >> Petr, >> >> Original 6.x master installed at: >> >> ipa-server-2.1.3-9 >> >> pki-ca-9.0.3-20 >> >> >> At the time the migration was attempted, the 6.x master had been updated to: >> >> ipa-server-3.0.0-47 >> >> pki-ca-9.0.3-45 >> >> >> The 7.x replica install has been attempted using a variety of versions. The >> log excerpts at the beginning of this email were from an installation >> attempt using: >> >> ipa-server-4.2.0-15.0.1 >> >> pki-ca-10.2.5-6 >> >> >> It's a standard CA installation. This line is from >> /var/log/ipaserverinstall.log showing selfsign as False: >> >> 2013-09-04T18:41:20Z DEBUG /usr/sbin/ipa-server-install was invoked >> with options: {'zone_refresh': 0, 'reverse_zone': None, 'realm_name': >> None, 'create_sshfp': True, 'conf_sshd': False, 'conf_ntp': False, >> 'subject': None, 'no_forwarders': False, 'persistent_search': True, >> 'ui_redirect': True, 'domain_name': None, 'idmax': 0, 'hbac_allow': >> True, 'no_reverse': False, 'dirsrv_pkcs12': None, 'unattended': >> False, >> 'selfsign': False, 'trust_sshfp': False, 'external_ca_file': None, >> 'no_host_dns': False, 'http_pkcs12': None, 'zone_notif': False, >> 'forwarders': None, 'idstart': 900000000, 'external_ca': False, >> 'ip_address': None, 'conf_ssh': False, 'serial_autoincrement': True, >> 'zonemgr': None, 'setup_dns': False, 'host_name': None, 'debug': >> False, 'external_cert_file': None, 'uninstall': False} >> 2013-09-04T18:41:20Z DEBUG missing options might be asked for >> interactively later >> >> >> -----Original Message----- >> From: Petr Vobornik [mailto:[email protected]] >> Sent: Tuesday, March 29, 2016 6:43 AM >> To: Ott, Dennis; [email protected] >> Subject: Re: [Freeipa-users] 7.x replica install from 6.x master >> fails >> >> On 03/24/2016 04:29 PM, Ott, Dennis wrote: >>> I am trying to migrate from OS 6.x / IPA 3.0 to OS 7.x / IPA 4.x. >>> After working through and solving a few issues, my current efforts >>> fail when setting up the replica CA. >>> >>> If I set up a new, pristine master on OS 6.7, I am able to create an >>> OS 7.x replica without any problem. However, if I try to create a >>> replica from my two year old test lab instance (production will be >>> another matter for the future) it fails. The test lab master was >>> created a couple of years ago on OS 6.3 / IPA 2.x and has been >>> upgraded to the latest versions in the 6.x chain. It is old enough >>> to have had all the certificates renewed, but I believe I have worked >>> through all the issues related to that. >>> >>> Below is what I believe are the useful portions of the pertinent logs. >>> I’ve not been able to find anything online that speaks to the errors >>> I am seeing >>> >>> Thanks for your help. >> >> Hello Dennis, >> >> what are the exact versions of pki-ca and ipa-server on the 6.x master and >> 7.x replica? >> >> What kind of CA installation does the old 6.x master install have? Is >> standard installation with CA or does it also use external CA? >> >> I assume it is not self-sign (very old unsupported type, which could be >> converted in 7.x as CA-less). >> >>> >>> /var/log/ipareplica-install.log >>> >>> 2016-03-23T21:55:11Z DEBUG Configuring certificate server (pki-tomcatd). >>> Estimated time: 3 minutes 30 seconds >>> >>> 2016-03-23T21:55:11Z DEBUG [1/23]: creating certificate server user >>> >>> 2016-03-23T21:55:11Z DEBUG group pkiuser exists >>> >>> 2016-03-23T21:55:11Z DEBUG user pkiuser exists >>> >>> 2016-03-23T21:55:11Z DEBUG duration: 0 seconds >>> >>> 2016-03-23T21:55:11Z DEBUG [2/23]: configuring certificate server instance >>> >>> 2016-03-23T21:55:11Z DEBUG Loading StateFile from >>> '/var/lib/ipa/sysrestore/sysrestore.state' >>> >>> 2016-03-23T21:55:11Z DEBUG Saving StateFile to >>> '/var/lib/ipa/sysrestore/sysrestore.state' >>> >>> 2016-03-23T21:55:11Z DEBUG Contents of pkispawn configuration file >>> (/tmp/tmpGQ59ZC): >>> >>> [CA] >>> >>> pki_security_domain_name = IPA >>> >>> pki_enable_proxy = True >>> >>> pki_restart_configured_instance = False >>> >>> pki_backup_keys = True >>> >>> pki_backup_password = XXXXXXXX >>> >>> pki_profiles_in_ldap = True >>> >>> pki_client_database_dir = /tmp/tmp-g0CKZ3 >>> >>> pki_client_database_password = XXXXXXXX >>> >>> pki_client_database_purge = False >>> >>> pki_client_pkcs12_password = XXXXXXXX >>> >>> pki_admin_name = admin >>> >>> pki_admin_uid = admin >>> >>> pki_admin_email = root@localhost >>> >>> pki_admin_password = XXXXXXXX >>> >>> pki_admin_nickname = ipa-ca-agent >>> >>> pki_admin_subject_dn = cn=ipa-ca-agent,O=EXAMPLE.COM >>> >>> pki_client_admin_cert_p12 = /root/ca-agent.p12 >>> >>> pki_ds_ldap_port = 389 >>> >>> pki_ds_password = XXXXXXXX >>> >>> pki_ds_base_dn = o=ipaca >>> >>> pki_ds_database = ipaca >>> >>> pki_subsystem_subject_dn = cn=CA Subsystem,O=EXAMPLE.COM >>> >>> pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=EXAMPLE.COM >>> >>> pki_ssl_server_subject_dn = cn=pt-idm-vm01.example.com,O=EXAMPLE.COM >>> >>> pki_audit_signing_subject_dn = cn=CA Audit,O=EXAMPLE.COM >>> >>> pki_ca_signing_subject_dn = cn=Certificate Authority,O=EXAMPLE.COM >>> >>> pki_subsystem_nickname = subsystemCert cert-pki-ca >>> >>> pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca >>> >>> pki_ssl_server_nickname = Server-Cert cert-pki-ca >>> >>> pki_audit_signing_nickname = auditSigningCert cert-pki-ca >>> >>> pki_ca_signing_nickname = caSigningCert cert-pki-ca >>> >>> pki_ca_signing_key_algorithm = SHA256withRSA >>> >>> pki_security_domain_hostname = ptipa1.example.com >>> >>> pki_security_domain_https_port = 443 >>> >>> pki_security_domain_user = admin >>> >>> pki_security_domain_password = XXXXXXXX >>> >>> pki_clone = True >>> >>> pki_clone_pkcs12_path = /tmp/ca.p12 >>> >>> pki_clone_pkcs12_password = XXXXXXXX >>> >>> pki_clone_replication_security = TLS >>> >>> pki_clone_replication_master_port = 7389 >>> >>> pki_clone_replication_clone_port = 389 >>> >>> pki_clone_replicate_schema = False >>> >>> pki_clone_uri = >>> http://cp.mcafee.com/d/k-Kr6zqb3VEVjouhuodCQkkQnCkTTQjqaaqbParza9ISr >>> d >>> G >>> Sa_iBosKrKVXMGgog82KA1N1BeTyH93t5m7hOoHH3b8GOxvQd8e89K8CPpISr9PCJhbc >>> m >>> D >>> 9rkuYf21_YLxIbve9Ew3di5oMAld41EYmcR8lz2gazW1fpYKqfzqaabyr1I5-Aq83iSb >>> N >>> _ >>> VbqnrFYq6BQQg3K3Ph17RzVmQQgixiuDDCy1Sdljh0VMuq85tFfUCy1Tp7QdK8CQPrNK >>> V >>> J >>> USyrh >>> >>> 2016-03-23T21:55:11Z DEBUG Starting external process >>> >>> 2016-03-23T21:55:11Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f' >>> '/tmp/tmpGQ59ZC' >>> >>> 2016-03-23T21:56:51Z DEBUG Process finished, return code=1 >>> >>> 2016-03-23T21:56:51Z DEBUG stdout=Log file: >>> /var/log/pki/pki-ca-spawn.20160323175511.log >>> >>> Loading deployment configuration from /tmp/tmpGQ59ZC. >>> >>> Installing CA into /var/lib/pki/pki-tomcat. >>> >>> Storing deployment configuration into >>> /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg. >>> >>> Installation failed. >>> >>> 2016-03-23T21:56:51Z DEBUG >>> stderr=/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769: >>> InsecureRequestWarning: Unverified HTTPS request is being made. >>> Adding certificate verification is strongly advised. See: >>> http://cp.mcafee.com/d/5fHCNAi6hESyM-qekS7AnC3pJ55d5VBdZZ4SyyCyYOCUO >>> y >>> r >>> dCPqJyLQFm7bCXKuYaA6420HF0sgpjJUGOgThlxQsCaWMOOaIEnZ3i3y2ry9ISrdCOsV >>> H >>> k >>> iP6UDDO8cZ7ZgCjZ2JGs01PUovI_FfavpKcFBK1NIbve9Ew3di5oMAld41EYmcR8lz2g >>> a >>> z >>> W1fpYKqfzqaabyr1I5-Aq83iSbN_VbqnrFYq6BQQg3K3Ph17RzVmQQgixiuDDCy1Sdlj >>> h >>> 0 >>> VMuq85tFfUCy1Tp7QdK8CQPrNKVJUSyrh >>> >>> InsecureRequestWarning) >>> >>> pkispawn : WARNING ....... unable to validate security domain >>> user/password >>> through REST interface. Interface not available >>> >>> pkispawn : ERROR ....... Exception from Java Configuration Servlet: >>> 500 >>> Server Error: Internal Server Error >>> >>> pkispawn : ERROR ....... ParseError: not well-formed (invalid token): >>> line >>> 1, column 0: >>> {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base. >>> PKIException","Code":500,"Message":"Error >>> while updating security domain: java.io.IOException: 2"} >>> >>> 2016-03-23T21:56:51Z CRITICAL Failed to configure CA instance: >>> Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpGQ59ZC'' >>> returned non-zero exit status 1 >>> >>> 2016-03-23T21:56:51Z CRITICAL See the installation logs and the >>> following files/directories for more information: >>> >>> 2016-03-23T21:56:51Z CRITICAL /var/log/pki-ca-install.log >>> >>> 2016-03-23T21:56:51Z CRITICAL /var/log/pki/pki-tomcat >>> >>> 2016-03-23T21:56:51Z DEBUG Traceback (most recent call last): >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >>> line 418, in start_creation >>> >>> run_step(full_msg, method) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >>> line 408, in run_step >>> >>> method() >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", >>> line 620, in __spawn_instance >>> >>> DogtagInstance.spawn_instance(self, cfg_file) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py" >>> , >>> line 201, in spawn_instance >>> >>> self.handle_setup_error(e) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py" >>> , >>> line 465, in handle_setup_error >>> >>> raise RuntimeError("%s configuration failed." % >>> self.subsystem) >>> >>> RuntimeError: CA configuration failed. >>> >>> 2016-03-23T21:56:51Z DEBUG [error] RuntimeError: CA configuration failed. >>> >>> 2016-03-23T21:56:51Z DEBUG File >>> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, >>> in execute >>> >>> return_value = self.run() >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", >>> line 311, in run >>> >>> cfgr.run() >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>> line 281, in run >>> >>> self.execute() >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>> line 303, in execute >>> >>> for nothing in self._executor(): >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>> line 343, in __runner >>> >>> self._handle_exception(exc_info) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>> line 365, in _handle_exception >>> >>> util.raise_exc_info(exc_info) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>> line 333, in __runner >>> >>> step() >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >>> line 87, in run_generator_with_yield_from >>> >>> raise_exc_info(exc_info) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >>> line 65, in run_generator_with_yield_from >>> >>> value = gen.send(prev_value) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>> line 524, in _configure >>> >>> executor.next() >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>> line 343, in __runner >>> >>> self._handle_exception(exc_info) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>> line 421, in _handle_exception >>> >>> self.__parent._handle_exception(exc_info) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>> line 365, in _handle_exception >>> >>> util.raise_exc_info(exc_info) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>> line 418, in _handle_exception >>> >>> super(ComponentBase, self)._handle_exception(exc_info) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>> line 365, in _handle_exception >>> >>> util.raise_exc_info(exc_info) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>> line 333, in __runner >>> >>> step() >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >>> line 87, in run_generator_with_yield_from >>> >>> raise_exc_info(exc_info) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >>> line 65, in run_generator_with_yield_from >>> >>> value = gen.send(prev_value) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line >>> 63, in _install >>> >>> for nothing in self._installer(self.parent): >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicain >>> s >>> t >>> all.py", >>> line 879, in main >>> >>> install(self) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicain >>> s >>> t >>> all.py", >>> line 295, in decorated >>> >>> func(installer) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicain >>> s >>> t >>> all.py", >>> line 584, in install >>> >>> ca.install(False, config, options) >>> >>> File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", >>> line 106, in install >>> >>> install_step_0(standalone, replica_config, options) >>> >>> File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", >>> line 130, in >>> install_step_0 >>> >>> ra_p12=getattr(options, 'ra_p12', None)) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", >>> line 1543, in install_replica_ca >>> >>> subject_base=config.subject_base) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", >>> line 486, in configure_instance >>> >>> self.start_creation(runtime=210) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >>> line 418, in start_creation >>> >>> run_step(full_msg, method) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >>> line 408, in run_step >>> >>> method() >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", >>> line 620, in __spawn_instance >>> >>> DogtagInstance.spawn_instance(self, cfg_file) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py" >>> , >>> line 201, in spawn_instance >>> >>> self.handle_setup_error(e) >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py" >>> , >>> line 465, in handle_setup_error >>> >>> raise RuntimeError("%s configuration failed." % >>> self.subsystem) >>> >>> 2016-03-23T21:56:51Z DEBUG The ipa-replica-install command failed, >>> exception: >>> RuntimeError: CA configuration failed. >>> >>> 2016-03-23T21:56:51Z ERROR CA configuration failed. >>> >>> /var/log/pki/pki-ca-spawn.<date>.log >>> >>> 2016-03-23 17:55:12 pkispawn : INFO ....... rm -f >>> /etc/pki/pki-tomcat/ca/noise >>> >>> 2016-03-23 17:55:12 pkispawn : INFO ....... rm -f >>> /etc/pki/pki-tomcat/pfile >>> >>> 2016-03-23 17:55:12 pkispawn : INFO ....... ln -s >>> /lib/systemd/system/[email protected] >>> /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat. >>> s >>> e >>> rvice >>> >>> 2016-03-23 17:55:12 pkispawn : DEBUG ........... chown -h 17:17 >>> /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat. >>> s >>> e >>> rvice >>> >>> 2016-03-23 17:55:12 pkispawn : INFO ... configuring >>> 'pki.server.deployment.scriptlets.configuration' >>> >>> 2016-03-23 17:55:12 pkispawn : INFO ....... mkdir -p >>> /root/.dogtag/pki-tomcat/ca >>> >>> 2016-03-23 17:55:12 pkispawn : DEBUG ........... chmod 755 >>> /root/.dogtag/pki-tomcat/ca >>> >>> 2016-03-23 17:55:12 pkispawn : DEBUG ........... chown 0:0 >>> /root/.dogtag/pki-tomcat/ca >>> >>> 2016-03-23 17:55:12 pkispawn : INFO ....... generating >>> '/root/.dogtag/pki-tomcat/ca/password.conf' >>> >>> 2016-03-23 17:55:12 pkispawn : INFO ....... modifying >>> '/root/.dogtag/pki-tomcat/ca/password.conf' >>> >>> 2016-03-23 17:55:12 pkispawn : DEBUG ........... chmod 660 >>> /root/.dogtag/pki-tomcat/ca/password.conf >>> >>> 2016-03-23 17:55:12 pkispawn : DEBUG ........... chown 0:0 >>> /root/.dogtag/pki-tomcat/ca/password.conf >>> >>> 2016-03-23 17:55:12 pkispawn : INFO ....... generating >>> '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf' >>> >>> 2016-03-23 17:55:12 pkispawn : INFO ....... modifying >>> '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf' >>> >>> 2016-03-23 17:55:12 pkispawn : DEBUG ........... chmod 660 >>> /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf >>> >>> 2016-03-23 17:55:12 pkispawn : DEBUG ........... chown 17:17 >>> /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf >>> >>> 2016-03-23 17:55:12 pkispawn : INFO ....... executing 'certutil -N -d >>> /tmp/tmp-g0CKZ3 -f /root/.dogtag/pki-tomcat/ca/password.conf' >>> >>> 2016-03-23 17:55:12 pkispawn : INFO ....... executing 'systemctl >>> daemon-reload' >>> >>> 2016-03-23 17:55:12 pkispawn : INFO ....... executing 'systemctl >>> start >>> [email protected]' >>> >>> 2016-03-23 17:55:12 pkispawn : DEBUG ........... No connection - >>> server >>> may still be down >>> >>> 2016-03-23 17:55:12 pkispawn : DEBUG ........... No connection - >>> exception >>> thrown: ('Connection aborted.', error(111, 'Connection refused')) >>> >>> 2016-03-23 17:55:13 pkispawn : DEBUG ........... No connection - >>> server >>> may still be down >>> >>> 2016-03-23 17:55:13 pkispawn : DEBUG ........... No connection - >>> exception >>> thrown: ('Connection aborted.', error(111, 'Connection refused')) >>> >>> 2016-03-23 17:55:24 pkispawn : DEBUG ........... <?xml version="1.0" >>> encoding="UTF-8" >>> standalone="no"?><XMLResponse><State>0</State><Type>CA</Type><Status >>> > r unning</Status><Version>10.2.5-6.el7</Version></XMLResponse> >>> >>> 2016-03-23 17:55:25 pkispawn : INFO ....... constructing PKI >>> configuration data. >>> >>> 2016-03-23 17:55:25 pkispawn : INFO ....... configuring PKI >>> configuration >>> data. >>> >>> 2016-03-23 17:56:51 pkispawn : ERROR ....... Exception from Java >>> Configuration Servlet: 500 Server Error: Internal Server Error >>> >>> 2016-03-23 17:56:51 pkispawn : ERROR ....... ParseError: not >>> well-formed >>> (invalid token): line 1, column 0: >>> {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base. >>> PKIException","Code":500,"Message":"Error >>> while updating security domain: java.io.IOException: 2"} >>> >>> 2016-03-23 17:56:51 pkispawn : DEBUG ....... Error Type: ParseError >>> >>> 2016-03-23 17:56:51 pkispawn : DEBUG ....... Error Message: not >>> well-formed (invalid token): line 1, column 0 >>> >>> 2016-03-23 17:56:51 pkispawn : DEBUG ....... File >>> "/usr/sbin/pkispawn", >>> line 597, in main >>> >>> rv = instance.spawn(deployer) >>> >>> File >>> "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/c >>> o >>> n >>> figuration.py", >>> line 116, in spawn >>> >>> json.dumps(data, cls=pki.encoder.CustomTypeEncoder)) >>> >>> File >>> "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py" >>> , >>> line 3906, in configure_pki_data >>> >>> root = ET.fromstring(e.response.text) >>> >>> File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1300, >>> in XML >>> >>> parser.feed(text) >>> >>> File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1642, >>> in feed >>> >>> self._raiseerror(v) >>> >>> File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1506, >>> in _raiseerror >>> >>> raise err >>> >>> /var/log/pki/pki-tomcat/ca/debug >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: password >>> ok: store in memory cache >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init >>> ends >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: init: before >>> makeConnection errorIfDown is false >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: makeConnection: >>> errorIfDown false >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: Established LDAP >>> connection using basic authentication to host >>> pt-idm-vm01.example.com port 389 as cn=Directory Manager >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: initializing with >>> mininum 3 and maximum 15 connections to host pt-idm-vm01.example.com >>> port 389, secure connection, false, authentication type 1 >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: increasing minimum >>> connections by 3 >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: new total available >>> connections 3 >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: new number of >>> connections 3 >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: In >>> LdapBoundConnFactory::getConn() >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: masterConn is connected: >>> true >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: getConn: conn is >>> connected true >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: getConn: mNumConns now >>> 2 >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: importLDIFS: >>> param=preop.internaldb.manager_ldif >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: importLDIFS(): ldif >>> file = /usr/share/pki/server/conf/manager.ldif >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: importLDIFS(): ldif >>> file copy to /var/lib/pki/pki-tomcat/ca/conf/manager.ldif >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: importLDIFS(): LDAP >>> Errors in importing /var/lib/pki/pki-tomcat/ca/conf/manager.ldif >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LDAPUtil:importLDIF: >>> exception in adding entry >>> ou=csusers,cn=config:netscape.ldap.LDAPException: error result (68) >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LDAPUtil:importLDIF: >>> exception in modifying entry o=ipaca:netscape.ldap.LDAPException: >>> error result (20) >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: populateVLVIndexes(): >>> start >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: Creating >>> LdapBoundConnFactor(ConfigurationUtils) >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapBoundConnFactory: >>> init >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: >>> LdapBoundConnFactory:doCloning true >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init() >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init >>> begins >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init: >>> prompt is internaldb >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init: >>> try getting from memory cache >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init: >>> got password from memory >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init: >>> password found for prompt. >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: password >>> ok: store in memory cache >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: LdapAuthInfo: init >>> ends >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: init: before >>> makeConnection errorIfDown is false >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: makeConnection: >>> errorIfDown false >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: Established LDAP >>> connection using basic authentication to host >>> pt-idm-vm01.example.com port 389 as cn=Directory Manager >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: initializing with >>> mininum 3 and maximum 15 connections to host pt-idm-vm01.example.com >>> port 389, secure connection, false, authentication type 1 >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: increasing minimum >>> connections by 3 >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: new total available >>> connections 3 >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: new number of >>> connections 3 >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: In >>> LdapBoundConnFactory::getConn() >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: masterConn is connected: >>> true >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: getConn: conn is >>> connected true >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: getConn: mNumConns now >>> 2 >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: importLDIFS: >>> param=preop.internaldb.post_ldif >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: importLDIFS(): ldif >>> file = /usr/share/pki/ca/conf/vlv.ldif >>> >>> [23/Mar/2016:17:56:45][http-bio-8443-exec-3]: importLDIFS(): ldif >>> file copy to /var/lib/pki/pki-tomcat/ca/conf/vlv.ldif >>> >>> [23/Mar/2016:17:56:46][http-bio-8443-exec-3]: importLDIFS(): ldif >>> file = /usr/share/pki/ca/conf/vlvtasks.ldif >>> >>> [23/Mar/2016:17:56:46][http-bio-8443-exec-3]: importLDIFS(): ldif >>> file copy to /var/lib/pki/pki-tomcat/ca/conf/vlvtasks.ldif >>> >>> [23/Mar/2016:17:56:46][http-bio-8443-exec-3]: Checking wait_dn >>> cn=index1160589769, cn=index, cn=tasks, cn=config >>> >>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: Found data for 'sslserver' >>> >>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: >>> SystemConfigService:processCerts(): san_server_cert not found for >>> tag sslserver >>> >>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: configCert: caType is >>> local >>> >>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: configCert: caType is >>> remote (revised) >>> >>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: NamePanel: >>> updateConfig() for certTag sslserver >>> >>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: updateConfig() done >>> >>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: configCert: remote CA >>> >>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: CertRequestPanel: got >>> public key >>> >>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: CertRequestPanel: got >>> private key >>> >>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: NamePanel: For this >>> Cloned CA, always use its Master CA to generate the 'sslserver' >>> certificate to avoid any changes which may have been made to the X500Name >>> directory string encoding order. >>> >>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: ConfigurationUtils: >>> injectSAN=false >>> >>> [23/Mar/2016:17:56:48][http-bio-8443-exec-3]: CertUtil >>> createRemoteCert: content >>> requestor_name=CA-pt-idm-vm01.example.com-8443&profileId=caInternalA >>> u >>> t >>> hServerCert&cert_request_type=pkcs10&cert_request=MIICmzCCAYxxxxxxxx >>> x >>> x >>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >>> x >>> x >>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >>> x >>> x >>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >>> x >>> x >>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >>> x >>> x >>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >>> x >>> x >>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxrD6JPIBR7AA%3D&xmlOutput=true >>> & >>> s >>> essionID=-4495713718673639316 >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: CertUtil >>> createRemoteCert: status=0 >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: CertUtil createRemoteCert: >>> MIIDxTCCAq2gxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >>> x >>> x >>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >>> x >>> x >>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >>> x >>> x >>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >>> x >>> x >>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >>> x >>> x >>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxTDuSAWm2v7 >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: ConfigurationUtils: >>> handleCertRequest() begins >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: handleCertRequest: >>> tag=sslserver >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: >>> privKeyID=29c021f3ccfafb1049bd33ce00e9b4ba35f2c1e7 >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: handleCertRequest: >>> created cert request >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: Processing 'sslserver' >>> certificate: >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: handleCerts(): for >>> cert tag 'sslserver' using cert type 'remote' >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: handleCerts(): process >>> remote...import cert >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: deleteCert: >>> nickname=Server-Cert cert-pki-ca >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: deleteCert: cert >>> deleted successfully >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: handleCerts(): >>> certchains length=2 >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: handleCerts(): import >>> certificate successfully, certTag=sslserver >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: Processed 'sslserver' >>> certificate. >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: === BackupKeyCert >>> Panel/SavePKCS12 Panel === >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: backupKeys(): start >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: === Admin Panel === >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: === Done Panel === >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: Updating existing >>> security domain >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: isSDHostDomainMaster(): >>> Getting domain.xml from CA... >>> >>> [23/Mar/2016:17:56:50][http-bio-8443-exec-3]: getDomainXML start >>> >>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: getDomainXML: status=0 >>> >>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: getDomainXML: >>> domainInfo=<?xml version="1.0" encoding="UTF-8" >>> standalone="no"?><DomainInfo><Name>IPA</Name><CAList><CA><Host>ptipa1. >>> example.com</Host><SecurePort>443</SecurePort><SecureAgentPort>443</ >>> S >>> e >>> cureAgentPort><SecureAdminPort>443</SecureAdminPort><SecureEEClientA >>> cureAgentPort>u >>> cureAgentPort>t >>> hPort>443</SecureEEClientAuthPort><UnSecurePort>80</UnSecurePort><Cl >>> hPort>o >>> hPort>n >>> e>FALSE</Clone><SubsystemName>pki-cad</SubsystemName><DomainManager> >>> e>T >>> e>R >>> UE</DomainManager></CA><SubsystemCount>1</SubsystemCount></CAList><O >>> C >>> S >>> PList><SubsystemCount>0</SubsystemCount></OCSPList><KRAList><Subsyst >>> PList>e >>> PList>m >>> Count>0</SubsystemCount></KRAList><RAList><SubsystemCount>0</Subsyst >>> Count>e >>> Count>m >>> Count></RAList><TKSList><SubsystemCount>0</SubsystemCount></TKSList> >>> Count>< >>> Count>T >>> PSList><SubsystemCount>0</SubsystemCount></TPSList></DomainInfo> >>> >>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: Cloning a domain >>> master >>> >>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: WizardPanelBase >>> updateDomainXML start hostname=ptipa1.example.com port=443 >>> >>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: updateSecurityDomain: >>> failed to update security domain using admin port 443: >>> org.xml.sax.SAXParseException; >>> lineNumber: 1; columnNumber: 50; White spaces are required between >>> publicId and systemId. >>> >>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: updateSecurityDomain: >>> now trying agent port with client auth >>> >>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: WizardPanelBase >>> updateDomainXML start hostname=ptipa1.example.com port=443 >>> >>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: updateDomainXML() >>> nickname=subsystemCert cert-pki-ca >>> >>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: WizardPanelBase >>> updateDomainXML: >>> status=1 >>> >>> [23/Mar/2016:17:56:51][http-bio-8443-exec-3]: Error while updating >>> security >>> domain: java.io.IOException: 2 >>> >>> [23/Mar/2016:23:44:52][http-bio-8080-exec-1]: according to ccMode, >>> authorization for servlet: caProfileList is LDAP based, not XML {1}, use >>> default authz mgr: {2}. >>> >>> /var/log/pki/pki-tomcat/ca/system >>> >>> 0.localhost-startStop-1 - [23/Mar/2016:17:55:24 EDT] [3] [3] Cannot >>> build CA chain. Error java.security.cert.CertificateException: >>> Certificate is not a PKCS >>> #11 certificate >>> >>> 0.localhost-startStop-1 - [23/Mar/2016:17:55:24 EDT] [13] [3] authz >>> instance DirAclAuthz initialization failed and skipped, >>> error=Property internaldb.ldapconn.port missing value >>> >>> *Dennis M Ott* >>> Infrastructure Administrator >>> Infrastructure and Security Operations >>> >>> *McKesson Corporation >>> McKesson Pharmacy Systems and Automation* www.mckesson.com >>> <http://www.mckesson.com/> >>>> -- >> Petr Vobornik >> > -- > Petr Vobornik > > -- > Manage your subscription for the Freeipa-users mailing list: > http://cp.mcafee.com/d/5fHCMUe6gUSyMVuXzX0VMSrhhjhupjvvhdEEFELcFKcECPp > ISHoHZalxOVIsWqehMGDpMQsyGeWOPtfhktZy0GM-xEGYCXslsttJtVNxeSICPpISr9PCJ > hbcat7Q2uPVv1dnoovaAVgtHzIv-iSBSWv6xIQh1ysM3d40tY8iEq8zh0qf0XUgBjwNeoa > lIl-BaMVsQv6QmhPPzNI5-Aq83iSbN_VbqnrFYq6BQQg3K3Ph17RzVmQQgixiuDDCy1Sdl > jh0VMuq85tFfUCy1Tp7QdK8CQPrNKVJUSyrh > Go to > http://cp.mcafee.com/d/FZsSd3gArhosLtNZwsUrdEEFELcFLLECQkkQnCkT6kjpISr > lIl-BaMVsSetd78UljIUqehl7tppKDEGe-N0lovgQlujtKaKeKSKYUMDrmjpISrdw0To_Y > BJU03xIQh1ysM3d40tY8iEq8zh0qf0XUgBjwNeoalIl-BaMVsQv6QmhPPzNI5-Aq83iSbN > _VbqnrFYq6BQQg3K3Ph17RzVmQQgixiuDDCy1Sdljh0VMuq85tFfUCy1Tp7QdK8CQPrNKVJUSyrh > for more info on the project > -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
