On 01/04/2017 07:24 PM, Daniel Schimpfoessl wrote:
From the logs:
/var/log/dirsrv/slapd-DOMAIN-COM/errors
... a few warnings about cache size, NSACLPLugin and schema-compat-plugin
[04/Jan/2017:12:14:21.392642021 -0600] slapd started. Listening on All
Interfaces port 389 for LDAP requests
/var/log/dirsrv/slapd-DOMAIN-COM/access
... lots of entries, not sure what to look for some lines contain RESULT
with err!=0
[04/Jan/2017:12:18:01.753400307 -0600] conn=5 op=243 RESULT err=32
tag=101 nentries=0 etime=0
[04/Jan/2017:12:18:01.786928085 -0600] conn=44 op=1 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
Hi Daniel,
are there any RESULT err=48 that could correspond to the error seen on
pki logs?
Flo
/var/log/dirsrv/slapd-DOMAIN-COM/errors
[04/Jan/2017:12:19:25.566022098 -0600] slapd shutting down - signaling
operation threads - op stack size 5 max work q size 2 max work q stack
size 2
[04/Jan/2017:12:19:25.572566622 -0600] slapd shutting down - closing
down internal subsystems and plugins
2017-01-04 8:38 GMT-06:00 Daniel Schimpfoessl <dan...@schimpfoessl.com
<mailto:dan...@schimpfoessl.com>>:
Do you have a list of all log files involved in IPA?
Would be good to consolidate them into ELK for analysis.
2017-01-04 2:48 GMT-06:00 Florence Blanc-Renaud <f...@redhat.com
<mailto:f...@redhat.com>>:
On 01/02/2017 07:24 PM, Daniel Schimpfoessl wrote:
Thanks for your reply.
This was the initial error I asked for help a while ago and
did not get
resolved. Further digging showed the recent errors.
The service was running (using ipactl start --force) and
only after a
restart I am getting a stack trace for two primary messages:
Could not connect to LDAP server host wwgwho01.webwim.com
<http://wwgwho01.webwim.com>
<http://wwgwho01.webwim.com> port 636 Error
netscape.ldap.LDAPException:
Authentication failed (48)
...
Internal Database Error encountered: Could not connect to
LDAP server
host wwgwho01.webwim.com <http://wwgwho01.webwim.com>
<http://wwgwho01.webwim.com> port 636 Error
netscape.ldap.LDAPException: Authentication failed (48)
...
and finally:
[02/Jan/2017:12:20:34][localhost-startStop-1]:
CMSEngine.shutdown()
2017-01-02 3:45 GMT-06:00 Florence Blanc-Renaud
<f...@redhat.com <mailto:f...@redhat.com>
<mailto:f...@redhat.com <mailto:f...@redhat.com>>>:
systemctl start pki-tomcatd@pki-tomcat.service
Hi Daniel,
the next step would be to understand the root cause of this
"Authentication failed (48)" error. Note the exact time of this
log and look for a corresponding log in the LDAP server logs
(/var/log/dirsrv/slapd-DOMAIN-COM/access), probably a failing
BIND with err=48. This may help diagnose the issue (if we can
see which certificate is used for the bind or if there is a
specific error message).
For the record, a successful bind over SSL would produce this
type of log where we can see the certificate subject and the
user mapped to this certificate:
[...] conn=47 fd=84 slot=84 SSL connection from 10.34.58.150 to
10.34.58.150
[...] conn=47 TLS1.2 128-bit AES; client CN=CA
Subsystem,O=DOMAIN.COM <http://DOMAIN.COM>; issuer
CN=Certificate Authority,O=DOMAIN.COM <http://DOMAIN.COM>
[...] conn=47 TLS1.2 client bound as uid=pkidbuser,ou=people,o=ipaca
[...] conn=47 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL
[...] conn=47 op=0 RESULT err=0 tag=97 nentries=0 etime=0
dn="uid=pkidbuser,ou=people,o=ipaca"
Flo
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
