On Tue, Dec 27, 2016 at 6:47 AM, Martin Basti <mba...@redhat.com> wrote: > > > On 27.12.2016 12:40, Outback Dingo wrote: >> >> On Tue, Dec 27, 2016 at 5:59 AM, Martin Basti <mba...@redhat.com> wrote: >>> >>> >>> On 27.12.2016 00:25, Outback Dingo wrote: >>>> >>>> Seems my secondary ipa server is somehow out of sync with the master, >>>> is there any way to force a sync update ? >>>> >>> Can you elaborate more? >>> >>> What exactly from DNS records is out of sync? >>> >>> Martin >> >> >> it appears as though at least one A record is missing there might be >> more but thats the first i noticed > > > > Can you please search for replication conflicts > > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html > > and do you have any replication errors in /var/log/dirsrv/slapd-*/errors > log on servers? > > Martin from the master ipa
[root@ipa dingo]# cat /var/log/dirsrv/slapd-*/errors 389-Directory/1.3.4.0 B2016.215.1556 ipa.optimcloud.com:636 (/etc/dirsrv/slapd-OPTIMCLOUD-COM) [20/Dec/2016:22:38:51 -0500] - SSL alert: Configured NSS Ciphers [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_RSA_WITH_AES_256_GCM_SHA384: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled [20/Dec/2016:22:38:51 -0500] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2 [20/Dec/2016:22:38:51 -0500] - 389-Directory/1.3.4.0 B2016.215.1556 starting up [20/Dec/2016:22:38:51 -0500] - WARNING: changelog: entry cache size 2097152B is less than db size 4169728B; We recommend to increase the entry cache size nsslapd-cachememsize. [20/Dec/2016:22:38:51 -0500] - Detected Disorderly Shutdown last time Directory Server was running, recovering database. [20/Dec/2016:22:38:52 -0500] schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after the server startup! [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target ou=sudoers,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=users,cn=compat,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist [20/Dec/2016:22:38:52 -0500] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates found, which should be added before the CoS Definition. [20/Dec/2016:22:38:53 -0500] NSMMReplicationPlugin - replica_check_for_data_reload: Warning: disordely shutdown for replica dc=optimcloud,dc=com. Check if DB RUV needs to be updated [20/Dec/2016:22:38:53 -0500] NSMMReplicationPlugin - replica_check_for_data_reload: Warning: disordely shutdown for replica o=ipaca. Check if DB RUV needs to be updated [20/Dec/2016:22:38:53 -0500] set_krb5_creds - Could not get initial credentials for principal [ldap/ipa.optimcloud....@optimcloud.com] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested realm) [20/Dec/2016:22:38:53 -0500] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 111 (Connection refused) [20/Dec/2016:22:38:53 -0500] NSMMReplicationPlugin - agmt="cn=masterAgreement1-ipa2.optimcloud.com-pki-tomcat" (ipa2:389): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) () [20/Dec/2016:22:38:53 -0500] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 111 (Connection refused) [20/Dec/2016:22:38:53 -0500] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [20/Dec/2016:22:38:53 -0500] NSMMReplicationPlugin - agmt="cn=meToipa2.optimcloud.com" (ipa2:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) () [20/Dec/2016:22:38:53 -0500] schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds! [20/Dec/2016:22:38:53 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [20/Dec/2016:22:38:53 -0500] - Listening on All Interfaces port 636 for LDAPS requests [20/Dec/2016:22:38:53 -0500] - Listening on /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests [20/Dec/2016:22:38:57 -0500] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=optimcloud,dc=com [20/Dec/2016:22:38:58 -0500] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=optimcloud,dc=com [20/Dec/2016:22:38:58 -0500] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com [20/Dec/2016:22:38:58 -0500] schema-compat-plugin - Finished plugin initialization. [20/Dec/2016:22:38:58 -0500] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected) [20/Dec/2016:22:38:58 -0500] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected) [20/Dec/2016:22:38:58 -0500] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [20/Dec/2016:22:39:05 -0500] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected) [20/Dec/2016:22:39:05 -0500] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected) [20/Dec/2016:22:39:05 -0500] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [20/Dec/2016:22:39:17 -0500] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected) [20/Dec/2016:22:39:17 -0500] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected) [20/Dec/2016:22:39:17 -0500] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [20/Dec/2016:22:39:41 -0500] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected) [20/Dec/2016:22:39:41 -0500] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [20/Dec/2016:22:39:41 -0500] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected) [20/Dec/2016:22:40:29 -0500] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected) [20/Dec/2016:22:40:29 -0500] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [20/Dec/2016:22:40:29 -0500] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected) [20/Dec/2016:22:42:05 -0500] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected) [20/Dec/2016:22:42:05 -0500] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [20/Dec/2016:22:42:05 -0500] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected) [20/Dec/2016:22:45:17 -0500] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected) [20/Dec/2016:22:45:17 -0500] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected) [20/Dec/2016:22:45:17 -0500] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin - agmt="cn=masterAgreement1-ipa2.optimcloud.com-pki-tomcat" (ipa2:389): Replication bind with SIMPLE auth resumed [20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin - agmt="cn=meToipa2.optimcloud.com" (ipa2:389): Replication bind with GSSAPI auth resumed [20/Dec/2016:22:50:14 -0500] agmt="cn=masterAgreement1-ipa2.optimcloud.com-pki-tomcat" (ipa2:389) - Can't locate CSN 5852cec0000000600000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized. [20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin - agmt="cn=masterAgreement1-ipa2.optimcloud.com-pki-tomcat" (ipa2:389): Missing data encountered [20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin - agmt="cn=masterAgreement1-ipa2.optimcloud.com-pki-tomcat" (ipa2:389): Incremental update failed and requires administrator action [20/Dec/2016:22:50:14 -0500] agmt="cn=meToipa2.optimcloud.com" (ipa2:389) - Can't locate CSN 58528dac000200040000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized. [20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin - agmt="cn=meToipa2.optimcloud.com" (ipa2:389): Missing data encountered [20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin - agmt="cn=meToipa2.optimcloud.com" (ipa2:389): Incremental update failed and requires administrator action from the ipa2 slave [root@ipa2 dingo]# cat /var/log/dirsrv/slapd-*/errors 389-Directory/1.3.4.0 B2016.215.1556 ipa2.optimcloud.com:636 (/etc/dirsrv/slapd-OPTIMCLOUD-COM) [20/Dec/2016:22:49:22 -0500] - SSL alert: Configured NSS Ciphers [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_RSA_WITH_AES_256_GCM_SHA384: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled [20/Dec/2016:22:49:22 -0500] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2 [20/Dec/2016:22:49:22 -0500] - 389-Directory/1.3.4.0 B2016.215.1556 starting up [20/Dec/2016:22:49:22 -0500] - WARNING: changelog: entry cache size 2097152B is less than db size 4104192B; We recommend to increase the entry cache size nsslapd-cachememsize. [20/Dec/2016:22:49:22 -0500] - Detected Disorderly Shutdown last time Directory Server was running, recovering database. [20/Dec/2016:22:49:22 -0500] schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after the server startup! [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target ou=sudoers,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=users,cn=compat,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not exist [20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist [20/Dec/2016:22:49:22 -0500] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates found, which should be added before the CoS Definition. [20/Dec/2016:22:49:24 -0500] NSMMReplicationPlugin - replica_check_for_data_reload: Warning: disordely shutdown for replica o=ipaca. Check if DB RUV needs to be updated [20/Dec/2016:22:49:24 -0500] NSMMReplicationPlugin - replica_check_for_data_reload: Warning: disordely shutdown for replica dc=optimcloud,dc=com. Check if DB RUV needs to be updated [20/Dec/2016:22:49:24 -0500] set_krb5_creds - Could not get initial credentials for principal [ldap/ipa2.optimcloud....@optimcloud.com] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested realm) [20/Dec/2016:22:49:24 -0500] schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds! [20/Dec/2016:22:49:24 -0500] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Succ ess) [20/Dec/2016:22:49:24 -0500] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [20/Dec/2016:22:49:24 -0500] NSMMReplicationPlugin - agmt="cn=meToipa.optimcloud.com" (ipa:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [20/Dec/2016:22:49:24 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [20/Dec/2016:22:49:24 -0500] - Listening on All Interfaces port 636 for LDAPS requests [20/Dec/2016:22:49:24 -0500] - Listening on /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests [20/Dec/2016:22:49:27 -0500] NSMMReplicationPlugin - agmt="cn=meToipa.optimcloud.com" (ipa:389): Replication bind with GSSAPI auth resumed [20/Dec/2016:22:49:28 -0500] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=optimcloud,dc=com [20/Dec/2016:22:49:28 -0500] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=optimcloud,dc=com [20/Dec/2016:22:49:28 -0500] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com [20/Dec/2016:22:49:29 -0500] schema-compat-plugin - Finished plugin initialization. [22/Dec/2016:21:01:17 -0500] - SSL alert: Configured NSS Ciphers [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_RSA_WITH_AES_256_GCM_SHA384: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled [22/Dec/2016:21:01:17 -0500] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2 [22/Dec/2016:21:01:17 -0500] - 389-Directory/1.3.4.0 B2016.215.1556 starting up [22/Dec/2016:21:01:18 -0500] - WARNING: changelog: entry cache size 2097152B is less than db size 4096000B; We recommend to increase the entry cache size nsslapd-cachememsize. [22/Dec/2016:21:01:18 -0500] - Detected Disorderly Shutdown last time Directory Server was running, recovering database. [22/Dec/2016:21:01:19 -0500] schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after the server startup! [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target ou=sudoers,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=users,cn=compat,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not exist [22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist [22/Dec/2016:21:01:19 -0500] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates found, which should be added before the CoS Definition. [22/Dec/2016:21:01:21 -0500] NSMMReplicationPlugin - replica_check_for_data_reload: Warning: disordely shutdown for replica o=ipaca. Check if DB RUV needs to be updated [22/Dec/2016:21:01:21 -0500] NSMMReplicationPlugin - replica_check_for_data_reload: Warning: disordely shutdown for replica dc=optimcloud,dc=com. Check if DB RUV needs to be updated [22/Dec/2016:21:01:21 -0500] set_krb5_creds - Could not get initial credentials for principal [ldap/ipa2.optimcloud....@optimcloud.com] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested realm) [22/Dec/2016:21:01:21 -0500] schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds! [22/Dec/2016:21:01:21 -0500] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Succ ess) [22/Dec/2016:21:01:21 -0500] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [22/Dec/2016:21:01:21 -0500] NSMMReplicationPlugin - agmt="cn=meToipa.optimcloud.com" (ipa:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [22/Dec/2016:21:01:21 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [22/Dec/2016:21:01:21 -0500] - Listening on All Interfaces port 636 for LDAPS requests [22/Dec/2016:21:01:21 -0500] - Listening on /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests [22/Dec/2016:21:01:24 -0500] NSMMReplicationPlugin - agmt="cn=meToipa.optimcloud.com" (ipa:389): Replication bind with GSSAPI auth resumed [22/Dec/2016:21:01:25 -0500] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=optimcloud,dc=com [22/Dec/2016:21:01:26 -0500] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=optimcloud,dc=com [22/Dec/2016:21:01:26 -0500] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com [22/Dec/2016:21:01:26 -0500] schema-compat-plugin - Finished plugin initialization. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project