2024-11-18T08:38:48Z DEBUG Logging to /var/log/ipaserver-install.log 2024-11-18T08:38:48Z DEBUG ipa-server-install was invoked with arguments [] and options: {'unattended': True, 'ip_addresses': None, 'domain_name': None, 'realm_name': 'datalab.novalocal', 'host_name': None, 'ca_cert_files': None, 'domain_level': None, 'setup_adtrust': False, 'setup_kra': False, 'setup_dns': True, 'idstart': None, 'idmax': None, 'no_hbac_allow': False, 'no_pkinit': False, 'no_ui_redirect': False, 'dirsrv_config_file': None, 'skip_mem_check': False, 'dirsrv_cert_files': None, 'http_cert_files': None, 'pkinit_cert_files': None, 'dirsrv_cert_name': None, 'http_cert_name': None, 'pkinit_cert_name': None, 'mkhomedir': False, 'ntp_servers': None, 'ntp_pool': None, 'no_ntp': False, 'force_ntpd': False, 'ssh_trust_dns': False, 'no_ssh': False, 'no_sshd': False, 'subid': False, 'no_dns_sshfp': False, 'external_ca': False, 'external_ca_type': None, 'external_ca_profile': None, 'external_cert_files': None, 'subject_base': None, 'ca_subject': None, 'ca_signing_algorithm': None, 'pki_config_override': None, 'allow_zone_overlap': False, 'reverse_zones': None, 'no_reverse': False, 'auto_reverse': False, 'zonemgr': None, 'forwarders': None, 'no_forwarders': False, 'auto_forwarders': True, 'forward_policy': None, 'no_dnssec_validation': False, 'no_host_dns': False, 'enable_compat': False, 'no_msdcs': False, 'netbios_name': None, 'rid_base': None, 'secondary_rid_base': None, 'ignore_topology_disconnect': False, 'ignore_last_of_role': False, 'verbose': False, 'quiet': False, 'log_file': None, 'uninstall': False} 2024-11-18T08:38:48Z DEBUG IPA version 4.9.13-12.module+el8.10.0+1845+84a5752e 2024-11-18T08:38:48Z DEBUG IPA platform rhel 2024-11-18T08:38:48Z DEBUG IPA os-release Rocky Linux 8.10 (Green Obsidian) 2024-11-18T08:38:48Z DEBUG svmem(total=65672400896, available=64421277696, percent=1.9, used=551301120, free=63269285888, active=851591168, inactive=998641664, buffers=4898816, cached=1846915072, shared=30240768) 2024-11-18T08:38:48Z DEBUG Available memory is 64421277696B 2024-11-18T08:38:48Z DEBUG Searching for an interface of IP address: ::1 2024-11-18T08:38:48Z DEBUG Testing local IP address: ::1/128 (interface: lo) 2024-11-18T08:38:48Z DEBUG Starting external process 2024-11-18T08:38:48Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:38:48Z DEBUG Process finished, return code=0 2024-11-18T08:38:48Z DEBUG stdout= 2024-11-18T08:38:48Z DEBUG stderr= 2024-11-18T08:38:48Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:38:48Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:38:48Z DEBUG httpd is not configured 2024-11-18T08:38:48Z DEBUG kadmin is not configured 2024-11-18T08:38:48Z DEBUG dirsrv is not configured 2024-11-18T08:38:48Z DEBUG pki-tomcatd is not configured 2024-11-18T08:38:48Z DEBUG install is not configured 2024-11-18T08:38:48Z DEBUG krb5kdc is not configured 2024-11-18T08:38:48Z DEBUG named is not configured 2024-11-18T08:38:48Z DEBUG filestore is tracking no files 2024-11-18T08:38:48Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2024-11-18T08:38:48Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2024-11-18T08:38:48Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2024-11-18T08:38:48Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:38:48Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:38:48Z DEBUG Starting external process 2024-11-18T08:38:48Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ntpd.service'] 2024-11-18T08:38:48Z DEBUG Process finished, return code=1 2024-11-18T08:38:48Z DEBUG stdout= 2024-11-18T08:38:48Z DEBUG stderr=Failed to get unit file state for ntpd.service: No such file or directory 2024-11-18T08:38:48Z DEBUG Starting external process 2024-11-18T08:38:48Z DEBUG args=['/bin/systemctl', 'is-active', 'ntpd.service'] 2024-11-18T08:38:48Z DEBUG Process finished, return code=3 2024-11-18T08:38:48Z DEBUG stdout=inactive 2024-11-18T08:38:48Z DEBUG stderr= 2024-11-18T08:38:48Z DEBUG Starting external process 2024-11-18T08:38:48Z DEBUG args=['/bin/systemctl', 'is-enabled', 'systemd-timesyncd.service'] 2024-11-18T08:38:48Z DEBUG Process finished, return code=1 2024-11-18T08:38:48Z DEBUG stdout= 2024-11-18T08:38:48Z DEBUG stderr=Failed to get unit file state for systemd-timesyncd.service: No such file or directory 2024-11-18T08:38:48Z DEBUG Starting external process 2024-11-18T08:38:48Z DEBUG args=['/bin/systemctl', 'is-active', 'systemd-timesyncd.service'] 2024-11-18T08:38:48Z DEBUG Process finished, return code=3 2024-11-18T08:38:48Z DEBUG stdout=inactive 2024-11-18T08:38:48Z DEBUG stderr= 2024-11-18T08:38:48Z DEBUG Check if devbo01.datalab.novalocal is a primary hostname for localhost 2024-11-18T08:38:48Z DEBUG Primary hostname for localhost: devbo01.datalab.novalocal 2024-11-18T08:38:48Z DEBUG will use host_name: devbo01.datalab.novalocal 2024-11-18T08:38:48Z DEBUG read domain_name: datalab.novalocal 2024-11-18T08:38:48Z DEBUG Writing configuration file /etc/ipa/default.conf 2024-11-18T08:38:48Z DEBUG [global] host = devbo01.datalab.novalocal basedn = dc=datalab,dc=novalocal realm = DATALAB.NOVALOCAL domain = datalab.novalocal xmlrpc_uri = https://devbo01.datalab.novalocal/ipa/xml ldap_uri = ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket mode = production enable_ra = True ra_plugin = dogtag dogtag_version = 10 2024-11-18T08:38:48Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T08:38:48Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T08:38:48Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T08:38:48Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T08:38:48Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T08:38:48Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T08:38:48Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T08:38:48Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T08:38:49Z DEBUG check_port_bindable: Checking IPv4/IPv6 dual stack and TCP 2024-11-18T08:38:49Z DEBUG check_port_bindable: bind success: 8443/TCP 2024-11-18T08:38:49Z DEBUG check_port_bindable: Checking IPv4/IPv6 dual stack and TCP 2024-11-18T08:38:49Z DEBUG check_port_bindable: bind success: 8080/TCP 2024-11-18T08:38:49Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:38:49Z INFO Checking DNS domain datalab.novalocal., please wait ... 2024-11-18T08:38:49Z DEBUG Name devbo01.datalab.novalocal resolved to {UnsafeIPAddress('10.11.12.3')} 2024-11-18T08:38:49Z DEBUG Searching for an interface of IP address: 10.11.12.3 2024-11-18T08:38:49Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo) 2024-11-18T08:38:49Z DEBUG Testing local IP address: 10.11.12.3/255.255.255.0 (interface: eth0) 2024-11-18T08:38:49Z DEBUG IP address 10.11.12.3 belongs to a private range, using forward policy only 2024-11-18T08:38:49Z DEBUG systemd-resolved not detected, parsing /etc/resolv.conf 2024-11-18T08:38:49Z DEBUG Detected nameservers: [(0, IPv4Address('128.130.4.3')), (0, IPv4Address('128.131.4.3'))] 2024-11-18T08:38:49Z DEBUG Use nameservers ['128.130.4.3', '128.131.4.3'] 2024-11-18T08:38:49Z DEBUG Checking DNS server: 128.130.4.3 2024-11-18T08:38:49Z DEBUG Checking DNS server: 128.131.4.3 2024-11-18T08:38:49Z DEBUG will use DNS forwarders: ['128.130.4.3', '128.131.4.3'] 2024-11-18T08:38:49Z DEBUG LDAP is not connected, can not retrieve NetBIOS name 2024-11-18T08:38:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:38:49Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:38:49Z DEBUG Backing up system configuration file '/etc/hosts' 2024-11-18T08:38:49Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:38:49Z DEBUG Process finished, return code=0 2024-11-18T08:38:49Z DEBUG stdout= 2024-11-18T08:38:49Z DEBUG stderr= 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/sbin/restorecon', '/etc/pkcs11/modules/softhsm2.module'] 2024-11-18T08:38:49Z DEBUG Process finished, return code=0 2024-11-18T08:38:49Z DEBUG stdout= 2024-11-18T08:38:49Z DEBUG stderr= 2024-11-18T08:38:49Z DEBUG Created PKCS#11 module config '/etc/pkcs11/modules/softhsm2.module'. 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ntpd.service'] 2024-11-18T08:38:49Z DEBUG Process finished, return code=1 2024-11-18T08:38:49Z DEBUG stdout= 2024-11-18T08:38:49Z DEBUG stderr=Failed to get unit file state for ntpd.service: No such file or directory 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/bin/systemctl', 'is-active', 'ntpd.service'] 2024-11-18T08:38:49Z DEBUG Process finished, return code=3 2024-11-18T08:38:49Z DEBUG stdout=inactive 2024-11-18T08:38:49Z DEBUG stderr= 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/bin/systemctl', 'is-enabled', 'systemd-timesyncd.service'] 2024-11-18T08:38:49Z DEBUG Process finished, return code=1 2024-11-18T08:38:49Z DEBUG stdout= 2024-11-18T08:38:49Z DEBUG stderr=Failed to get unit file state for systemd-timesyncd.service: No such file or directory 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/bin/systemctl', 'is-active', 'systemd-timesyncd.service'] 2024-11-18T08:38:49Z DEBUG Process finished, return code=3 2024-11-18T08:38:49Z DEBUG stdout=inactive 2024-11-18T08:38:49Z DEBUG stderr= 2024-11-18T08:38:49Z DEBUG Search DNS for SRV record of _ntp._udp.None 2024-11-18T08:38:49Z DEBUG DNS record not found: NXDOMAIN 2024-11-18T08:38:49Z INFO Synchronizing time 2024-11-18T08:38:49Z WARNING No SRV records of NTP servers found and no NTP server or pool address was provided. 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/bin/systemctl', 'enable', 'chronyd.service'] 2024-11-18T08:38:49Z DEBUG Process finished, return code=0 2024-11-18T08:38:49Z DEBUG stdout= 2024-11-18T08:38:49Z DEBUG stderr= 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/bin/systemctl', 'restart', 'chronyd.service'] 2024-11-18T08:38:50Z DEBUG Process finished, return code=0 2024-11-18T08:38:50Z DEBUG stdout= 2024-11-18T08:38:50Z DEBUG stderr= 2024-11-18T08:38:50Z DEBUG Starting external process 2024-11-18T08:38:50Z DEBUG args=['/bin/systemctl', 'is-active', 'chronyd.service'] 2024-11-18T08:38:50Z DEBUG Process finished, return code=0 2024-11-18T08:38:50Z DEBUG stdout=active 2024-11-18T08:38:50Z DEBUG stderr= 2024-11-18T08:38:50Z DEBUG Restart of chronyd.service complete 2024-11-18T08:38:50Z INFO Attempting to sync time with chronyc. 2024-11-18T08:38:50Z DEBUG Starting external process 2024-11-18T08:38:50Z DEBUG args=['/usr/bin/chronyc', '-d', 'waitsync', '4', '0', '0', '3'] 2024-11-18T08:38:56Z DEBUG Process finished, return code=0 2024-11-18T08:38:56Z DEBUG stdout=try: 1, refid: 00000000, correction: 0.000000000, skew: 0.000 try: 2, refid: 00000000, correction: 0.000000000, skew: 0.000 try: 3, refid: 5BCE0846, correction: 0.000000773, skew: 1.078 2024-11-18T08:38:56Z DEBUG stderr=Resolved 127.0.0.1 to 127.0.0.1 Resolved ::1 to ::1 Could not remove /run/chrony/chronyc.31185.sock : No such file or directory Opened Unix socket fd=3 remote=/run/chrony/chronyd.sock local=/run/chrony/chronyc.31185.sock Sent data fd=3 len=104 Timeout 1.000000 seconds Received data fd=3 len=104 Reply cmd=33 reply=5 stat=0 Sent data fd=3 len=104 Timeout 1.000000 seconds Received data fd=3 len=104 Reply cmd=33 reply=5 stat=0 Sent data fd=3 len=104 Timeout 1.000000 seconds Received data fd=3 len=104 Reply cmd=33 reply=5 stat=0 2024-11-18T08:38:56Z INFO Time synchronization was successful. 2024-11-18T08:38:56Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:38:56Z DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds 2024-11-18T08:38:56Z DEBUG [1/43]: creating directory server instance 2024-11-18T08:38:56Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:38:56Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:38:56Z DEBUG Running setup with verbose 2024-11-18T08:38:56Z DEBUG START: Starting installation ... 2024-11-18T08:38:56Z DEBUG READY: Preparing installation for DATALAB-NOVALOCAL... 2024-11-18T08:38:56Z INFO Validate installation settings ... 2024-11-18T08:38:56Z DEBUG PASSED: using config settings 999999999 2024-11-18T08:38:56Z DEBUG PASSED: user / group checking 2024-11-18T08:38:56Z DEBUG PASSED: prefix checking 2024-11-18T08:38:56Z DEBUG list() DATALAB-NOVALOCAL instance not found: missing /etc/dirsrv/slapd-DATALAB-NOVALOCAL/dse.ldif 2024-11-18T08:38:56Z DEBUG PASSED: instance checking 2024-11-18T08:38:56Z DEBUG INFO: temp root password set to tBtnU32yegXY425NjeJCF5yeFukXdxNkg3wO.Vhc.Smrc3yxMsoF2O8L0UDdvxcF2 2024-11-18T08:38:56Z DEBUG PASSED: root user checking 2024-11-18T08:38:56Z DEBUG PASSED: network avaliability checking 2024-11-18T08:38:56Z DEBUG READY: Beginning installation for DATALAB-NOVALOCAL... 2024-11-18T08:38:56Z DEBUG ACTION: Creating dse.ldif 2024-11-18T08:38:56Z INFO Create file system structures ... 2024-11-18T08:38:56Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:38:56Z DEBUG ACTION: creating /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:38:56Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db 2024-11-18T08:38:56Z DEBUG ACTION: creating /dev/shm/slapd-DATALAB-NOVALOCAL 2024-11-18T08:38:56Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:38:56Z DEBUG ACTION: creating /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:38:56Z DEBUG ACTION: creating /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:38:56Z DEBUG ACTION: creating /run/dirsrv 2024-11-18T08:38:57Z DEBUG b'CMD: systemctl enable dirsrv@DATALAB-NOVALOCAL ; STDOUT: ; STDERR: Created symlink /etc/systemd/system/multi-user.target.wants/dirsrv@DATALAB-NOVALOCAL.service \xe2\x86\x92 /usr/lib/systemd/system/dirsrv@.service.\n' 2024-11-18T08:38:57Z DEBUG ACTION: Creating certificate database is /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:38:57Z DEBUG Allocate with None 2024-11-18T08:38:57Z DEBUG Allocate with /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:38:57Z DEBUG Allocate with localhost:389 2024-11-18T08:38:57Z DEBUG Allocate with localhost:389 2024-11-18T08:38:57Z DEBUG nss cmd: /usr/bin/certutil -N -d /etc/dirsrv/slapd-DATALAB-NOVALOCAL -f /etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt -@ /etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt 2024-11-18T08:38:57Z DEBUG nss output: 2024-11-18T08:38:57Z INFO Perform SELinux labeling ... 2024-11-18T08:39:00Z DEBUG Setting label dirsrv_var_lib_t in SELinux file context /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak. Attempt 0 2024-11-18T08:39:03Z DEBUG Setting label dirsrv_config_t in SELinux file context /etc/dirsrv/slapd-DATALAB-NOVALOCAL. Attempt 0 2024-11-18T08:39:05Z DEBUG Setting label dirsrv_var_lib_t in SELinux file context /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db. Attempt 0 2024-11-18T08:39:08Z DEBUG Setting label dirsrv_var_lib_t in SELinux file context /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif. Attempt 0 2024-11-18T08:39:10Z DEBUG Setting label dirsrv_var_lock_t in SELinux file context /var/run/lock/dirsrv/slapd-DATALAB-NOVALOCAL. Attempt 0 2024-11-18T08:39:13Z DEBUG Setting label dirsrv_var_log_t in SELinux file context /var/log/dirsrv/slapd-DATALAB-NOVALOCAL. Attempt 0 2024-11-18T08:39:15Z DEBUG Setting label dirsrv_tmpfs_t in SELinux file context /dev/shm/slapd-DATALAB-NOVALOCAL. Attempt 0 2024-11-18T08:39:17Z DEBUG Setting label dirsrv_var_run_t in SELinux file context /var/run/dirsrv. Attempt 0 2024-11-18T08:39:20Z DEBUG Setting label dirsrv_config_t in SELinux file context /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema. Attempt 0 2024-11-18T08:39:22Z DEBUG port 389 already in [389, 636, 3268, 3269, 7389], skipping port relabel 2024-11-18T08:39:22Z DEBUG asan_enabled=False 2024-11-18T08:39:22Z DEBUG libfaketime installed =False 2024-11-18T08:39:22Z DEBUG systemd status -> True 2024-11-18T08:39:22Z DEBUG systemd status -> True 2024-11-18T08:39:24Z DEBUG open(): Connecting to uri ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:39:24Z DEBUG Using dirsrv ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:39:24Z DEBUG Using external ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:39:24Z DEBUG Using /etc/openldap/ldap.conf certificate policy 2024-11-18T08:39:24Z DEBUG ldap.OPT_X_TLS_REQUIRE_CERT = 2 2024-11-18T08:39:24Z DEBUG open(): Using root autobind ... 2024-11-18T08:39:24Z DEBUG open(): bound as cn=Directory Manager 2024-11-18T08:39:24Z DEBUG Retrieving entry with [('',)] 2024-11-18T08:39:24Z DEBUG Retrieved entry [dn: vendorVersion: 389-Directory/1.4.3.39 B2024.255.0858 ] 2024-11-18T08:39:24Z DEBUG open(): Connecting to uri ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:39:24Z DEBUG Using dirsrv ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:39:24Z DEBUG Using external ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:39:24Z DEBUG Using /etc/openldap/ldap.conf certificate policy 2024-11-18T08:39:24Z DEBUG ldap.OPT_X_TLS_REQUIRE_CERT = 2 2024-11-18T08:39:24Z DEBUG open(): Using root autobind ... 2024-11-18T08:39:24Z DEBUG open(): bound as cn=Directory Manager 2024-11-18T08:39:24Z DEBUG Retrieving entry with [('',)] 2024-11-18T08:39:24Z DEBUG Retrieved entry [dn: vendorVersion: 389-Directory/1.4.3.39 B2024.255.0858 ] 2024-11-18T08:39:24Z DEBUG cn=config set REPLACE: ('nsslapd-secureport', '636') 2024-11-18T08:39:24Z DEBUG Checking "None" under cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config : {'cn': 'entryUUID', 'nsSystemIndex': 'false', 'nsIndexType': ['eq', 'pres']} 2024-11-18T08:39:24Z DEBUG Using first property cn: entryUUID as rdn 2024-11-18T08:39:24Z DEBUG Validated dn cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG Creating cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG updating dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config with {'objectclass': [b'top', b'nsIndex']} 2024-11-18T08:39:24Z DEBUG updating dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config with {'cn': [b'entryUUID'], 'nsSystemIndex': [b'false'], 'nsIndexType': [b'eq', b'pres']} 2024-11-18T08:39:24Z DEBUG Created entry cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config : {'objectclass': [b'top', b'nsIndex'], 'cn': [b'entryUUID'], 'nsSystemIndex': [b'false'], 'nsIndexType': [b'eq', b'pres']} 2024-11-18T08:39:24Z INFO Create database backend: dc=datalab,dc=novalocal ... 2024-11-18T08:39:24Z DEBUG Checking "None" under cn=ldbm database,cn=plugins,cn=config : {'cn': 'userRoot', 'nsslapd-suffix': 'dc=datalab,dc=novalocal'} 2024-11-18T08:39:24Z DEBUG Using first property cn: userRoot as rdn 2024-11-18T08:39:24Z DEBUG _gen_selector filter = (&(&(objectclass=nsMappingTree))(|(cn=dc=datalab,dc=novalocal)(nsslapd-backend=dc=datalab,dc=novalocal))) 2024-11-18T08:39:24Z DEBUG _gen_selector filter = (&(&(objectclass=nsMappingTree))(|(cn=userRoot)(nsslapd-backend=userRoot))) 2024-11-18T08:39:24Z DEBUG Validated dn cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG Creating cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG updating dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config with {'objectclass': [b'top', b'extensibleObject', b'nsBackendInstance']} 2024-11-18T08:39:24Z DEBUG updating dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config with {'cn': [b'userRoot'], 'nsslapd-suffix': [b'dc=datalab,dc=novalocal']} 2024-11-18T08:39:24Z DEBUG Created entry cn=userRoot,cn=ldbm database,cn=plugins,cn=config : {'objectclass': [b'top', b'extensibleObject', b'nsBackendInstance'], 'cn': [b'userRoot'], 'nsslapd-suffix': [b'dc=datalab,dc=novalocal']} 2024-11-18T08:39:24Z DEBUG Checking "None" under cn=mapping tree,cn=config : {'cn': [b'dc=datalab,dc=novalocal'], 'nsslapd-state': 'backend', 'nsslapd-backend': [b'userRoot']} 2024-11-18T08:39:24Z DEBUG Using first property cn: dc\=datalab\,dc\=novalocal as rdn 2024-11-18T08:39:24Z DEBUG Validated dn cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T08:39:24Z DEBUG Creating cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T08:39:24Z DEBUG updating dn: cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config with {'objectclass': [b'top', b'extensibleObject', b'nsMappingTree']} 2024-11-18T08:39:24Z DEBUG updating dn: cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config with {'cn': [b'dc=datalab,dc=novalocal', b'dc\\=datalab\\,dc\\=novalocal'], 'nsslapd-state': [b'backend'], 'nsslapd-backend': [b'userRoot']} 2024-11-18T08:39:24Z DEBUG Created entry cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config : {'objectclass': [b'top', b'extensibleObject', b'nsMappingTree'], 'cn': [b'dc=datalab,dc=novalocal', b'dc\\=datalab\\,dc\\=novalocal'], 'nsslapd-state': [b'backend'], 'nsslapd-backend': [b'userRoot']} 2024-11-18T08:39:24Z DEBUG Adding sasl maps for suffix dc=datalab,dc=novalocal 2024-11-18T08:39:24Z DEBUG Checking "None" under cn=mapping,cn=sasl,cn=config : {'cn': 'rfc 2829 u syntax', 'nsSaslMapRegexString': '^u:\\(.*\\)', 'nsSaslMapBaseDNTemplate': 'dc=datalab,dc=novalocal', 'nsSaslMapFilterTemplate': '(uid=\\1)'} 2024-11-18T08:39:24Z DEBUG Using first property cn: rfc 2829 u syntax as rdn 2024-11-18T08:39:24Z DEBUG Validated dn cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG Creating cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG updating dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config with {'objectclass': [b'top', b'nsSaslMapping']} 2024-11-18T08:39:24Z DEBUG updating dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config with {'cn': [b'rfc 2829 u syntax'], 'nsSaslMapRegexString': [b'^u:\\(.*\\)'], 'nsSaslMapBaseDNTemplate': [b'dc=datalab,dc=novalocal'], 'nsSaslMapFilterTemplate': [b'(uid=\\1)']} 2024-11-18T08:39:24Z DEBUG Created entry cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config : {'objectclass': [b'top', b'nsSaslMapping'], 'cn': [b'rfc 2829 u syntax'], 'nsSaslMapRegexString': [b'^u:\\(.*\\)'], 'nsSaslMapBaseDNTemplate': [b'dc=datalab,dc=novalocal'], 'nsSaslMapFilterTemplate': [b'(uid=\\1)']} 2024-11-18T08:39:24Z DEBUG Checking "None" under cn=mapping,cn=sasl,cn=config : {'cn': 'uid mapping', 'nsSaslMapRegexString': '^[^:@]+$', 'nsSaslMapBaseDNTemplate': 'dc=datalab,dc=novalocal', 'nsSaslMapFilterTemplate': '(uid=&)'} 2024-11-18T08:39:24Z DEBUG Using first property cn: uid mapping as rdn 2024-11-18T08:39:24Z DEBUG Validated dn cn=uid mapping,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG Creating cn=uid mapping,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG updating dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config with {'objectclass': [b'top', b'nsSaslMapping']} 2024-11-18T08:39:24Z DEBUG updating dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config with {'cn': [b'uid mapping'], 'nsSaslMapRegexString': [b'^[^:@]+$'], 'nsSaslMapBaseDNTemplate': [b'dc=datalab,dc=novalocal'], 'nsSaslMapFilterTemplate': [b'(uid=&)']} 2024-11-18T08:39:24Z DEBUG Created entry cn=uid mapping,cn=mapping,cn=sasl,cn=config : {'objectclass': [b'top', b'nsSaslMapping'], 'cn': [b'uid mapping'], 'nsSaslMapRegexString': [b'^[^:@]+$'], 'nsSaslMapBaseDNTemplate': [b'dc=datalab,dc=novalocal'], 'nsSaslMapFilterTemplate': [b'(uid=&)']} 2024-11-18T08:39:24Z INFO Perform post-installation tasks ... 2024-11-18T08:39:24Z DEBUG cn=config set REPLACE: ('nsslapd-rootpw', '********') 2024-11-18T08:39:24Z DEBUG systemd status -> True 2024-11-18T08:39:24Z DEBUG systemd status -> True 2024-11-18T08:39:27Z DEBUG systemd status -> True 2024-11-18T08:39:27Z DEBUG systemd status -> True 2024-11-18T08:39:29Z DEBUG 🎉 Instance setup complete 2024-11-18T08:39:29Z DEBUG FINISH: Completed installation for instance: slapd-DATALAB-NOVALOCAL 2024-11-18T08:39:29Z DEBUG Allocate local instance with ldapi://%2fvar%2frun%2fslapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:39:29Z DEBUG open(): Connecting to uri ldapi://%2fvar%2frun%2fslapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:39:29Z DEBUG Using dirsrv ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:39:29Z DEBUG Using external ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:39:29Z DEBUG Using /etc/openldap/ldap.conf certificate policy 2024-11-18T08:39:29Z DEBUG ldap.OPT_X_TLS_REQUIRE_CERT = 2 2024-11-18T08:39:29Z DEBUG open(): Using root autobind ... 2024-11-18T08:39:29Z DEBUG open(): bound as cn=Directory Manager 2024-11-18T08:39:29Z DEBUG Retrieving entry with [('',)] 2024-11-18T08:39:29Z DEBUG Retrieved entry [dn: vendorVersion: 389-Directory/1.4.3.39 B2024.255.0858 ] 2024-11-18T08:39:29Z DEBUG Retrieving entry with [('cn=Multisupplier Replication Plugin,cn=plugins,cn=config',)] 2024-11-18T08:39:29Z DEBUG Checking "None" under None : {'dc': 'datalab', 'info': 'IPA V2.0'} 2024-11-18T08:39:29Z DEBUG Validated dn dc=datalab,dc=novalocal 2024-11-18T08:39:29Z DEBUG Creating dc=datalab,dc=novalocal 2024-11-18T08:39:29Z DEBUG updating dn: dc=datalab,dc=novalocal 2024-11-18T08:39:29Z DEBUG updated dn: dc=datalab,dc=novalocal with {'objectclass': [b'top', b'domain', b'pilotObject']} 2024-11-18T08:39:29Z DEBUG updating dn: dc=datalab,dc=novalocal 2024-11-18T08:39:29Z DEBUG updated dn: dc=datalab,dc=novalocal with {'dc': [b'datalab'], 'info': [b'IPA V2.0']} 2024-11-18T08:39:29Z DEBUG Created entry dc=datalab,dc=novalocal : {'objectclass': [b'top', b'domain', b'pilotObject'], 'dc': [b'datalab'], 'info': [b'IPA V2.0']} 2024-11-18T08:39:29Z DEBUG completed creating DS instance 2024-11-18T08:39:29Z DEBUG step duration: dirsrv __create_instance 33.20 sec 2024-11-18T08:39:29Z DEBUG [2/43]: tune ldbm plugin 2024-11-18T08:39:29Z DEBUG Starting external process 2024-11-18T08:39:29Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ldbm-tuning.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:29Z DEBUG Process finished, return code=0 2024-11-18T08:39:29Z DEBUG stdout=replace nsslapd-db-locks: 50000 modifying entry "cn=bdb,cn=config,cn=ldbm database,cn=plugins,cn=config" modify complete 2024-11-18T08:39:29Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:29Z DEBUG step duration: dirsrv __tune_ldbm 0.03 sec 2024-11-18T08:39:29Z DEBUG [3/43]: adding default schema 2024-11-18T08:39:29Z DEBUG step duration: dirsrv __add_default_schemas 0.01 sec 2024-11-18T08:39:29Z DEBUG [4/43]: enabling memberof plugin 2024-11-18T08:39:29Z DEBUG Starting external process 2024-11-18T08:39:29Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/memberof-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:29Z DEBUG Process finished, return code=0 2024-11-18T08:39:29Z DEBUG stdout=replace nsslapd-pluginenabled: on add memberofgroupattr: memberUser add memberofgroupattr: memberHost add memberofgroupattr: ipaOwner modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" modify complete 2024-11-18T08:39:29Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:29Z DEBUG step duration: dirsrv __add_memberof_module 0.28 sec 2024-11-18T08:39:29Z DEBUG [5/43]: enabling winsync plugin 2024-11-18T08:39:29Z DEBUG Starting external process 2024-11-18T08:39:29Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ipa-winsync-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:30Z DEBUG Process finished, return code=0 2024-11-18T08:39:30Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa-winsync add nsslapd-pluginpath: libipa_winsync add nsslapd-plugininitfunc: ipa_winsync_plugin_init add nsslapd-pluginDescription: Allows IPA to work with the DS windows sync feature add nsslapd-pluginid: ipa-winsync add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-plugin-depends-on-type: database add ipaWinSyncRealmFilter: (objectclass=krbRealmContainer) add ipaWinSyncRealmAttr: cn add ipaWinSyncNewEntryFilter: (cn=ipaConfig) add ipaWinSyncNewUserOCAttr: ipauserobjectclasses add ipaWinSyncUserFlatten: true add ipaWinsyncHomeDirAttr: ipaHomesRootDir add ipaWinsyncLoginShellAttr: ipaDefaultLoginShell add ipaWinSyncDefaultGroupAttr: ipaDefaultPrimaryGroup add ipaWinSyncDefaultGroupFilter: (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) add ipaWinSyncAcctDisable: both add ipaWinSyncForceSync: true add ipaWinSyncUserAttr: uidNumber -1 gidNumber -1 adding new entry "cn=ipa-winsync,cn=plugins,cn=config" modify complete 2024-11-18T08:39:30Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:30Z DEBUG step duration: dirsrv __add_winsync_module 0.28 sec 2024-11-18T08:39:30Z DEBUG [6/43]: configure password logging 2024-11-18T08:39:30Z DEBUG Starting external process 2024-11-18T08:39:30Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/pw-logging-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:30Z DEBUG Process finished, return code=0 2024-11-18T08:39:30Z DEBUG stdout=replace nsslapd-unhashed-pw-switch: nolog modifying entry "cn=config" modify complete 2024-11-18T08:39:30Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:30Z DEBUG step duration: dirsrv __password_logging 0.28 sec 2024-11-18T08:39:30Z DEBUG [7/43]: configuring replication version plugin 2024-11-18T08:39:30Z DEBUG Starting external process 2024-11-18T08:39:30Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpwuemrtfd', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:30Z DEBUG Process finished, return code=0 2024-11-18T08:39:30Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Version Replication add nsslapd-pluginpath: libipa_repl_version add nsslapd-plugininitfunc: repl_version_plugin_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: off add nsslapd-pluginid: ipa_repl_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Replication version plugin add nsslapd-plugin-depends-on-type: database add nsslapd-plugin-depends-on-named: Multimaster Replication Plugin adding new entry "cn=IPA Version Replication,cn=plugins,cn=config" modify complete 2024-11-18T08:39:30Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:30Z DEBUG step duration: dirsrv __config_version_module 0.28 sec 2024-11-18T08:39:30Z DEBUG [8/43]: enabling IPA enrollment plugin 2024-11-18T08:39:30Z DEBUG Starting external process 2024-11-18T08:39:30Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpaw_ve6yr', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:30Z DEBUG Process finished, return code=0 2024-11-18T08:39:30Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_enrollment_extop add nsslapd-pluginpath: libipa_enrollment_extop add nsslapd-plugininitfunc: ipaenrollment_init add nsslapd-plugintype: extendedop add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_enrollment_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Enroll hosts into the IPA domain add nsslapd-plugin-depends-on-type: database add nsslapd-realmTree: dc=datalab,dc=novalocal adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config" modify complete 2024-11-18T08:39:30Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:30Z DEBUG step duration: dirsrv __add_enrollment_module 0.28 sec 2024-11-18T08:39:30Z DEBUG [9/43]: configuring uniqueness plugin 2024-11-18T08:39:30Z DEBUG Starting external process 2024-11-18T08:39:30Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpakmd3oa3', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:31Z DEBUG Process finished, return code=0 2024-11-18T08:39:31Z DEBUG stdout=add objectClass: top nsSlapdPlugin extensibleObject add cn: krbPrincipalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: krbPrincipalName add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=datalab,dc=novalocal add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal add uniqueness-across-all-subtrees: on adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: krbCanonicalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: krbCanonicalName add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=datalab,dc=novalocal add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal add uniqueness-across-all-subtrees: on adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: netgroup uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: cn add uniqueness-subtrees: cn=ng,cn=alt,dc=datalab,dc=novalocal add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: ipaUniqueID uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: ipaUniqueID add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=datalab,dc=novalocal add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal add uniqueness-across-all-subtrees: on adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: sudorule name uniqueness add nsslapd-pluginDescription: Enforce unique attribute values add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: cn add uniqueness-subtrees: cn=sudorules,cn=sudo,dc=datalab,dc=novalocal add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config" modify complete 2024-11-18T08:39:31Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:31Z DEBUG step duration: dirsrv __set_unique_attrs 0.55 sec 2024-11-18T08:39:31Z DEBUG [10/43]: configuring uuid plugin 2024-11-18T08:39:31Z DEBUG Starting external process 2024-11-18T08:39:31Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/uuid-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:31Z DEBUG Process finished, return code=0 2024-11-18T08:39:31Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA UUID add nsslapd-pluginpath: libipa_uuid add nsslapd-plugininitfunc: ipauuid_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipauuid_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA UUID plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA UUID,cn=plugins,cn=config" modify complete 2024-11-18T08:39:31Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:31Z DEBUG Starting external process 2024-11-18T08:39:31Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpmhjh0srr', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:32Z DEBUG Process finished, return code=0 2024-11-18T08:39:32Z DEBUG stdout=add objectclass: top extensibleObject add cn: IPA Unique IDs add ipaUuidAttr: ipaUniqueID add ipaUuidMagicRegen: autogenerate add ipaUuidFilter: (|(objectclass=ipaObject)(objectclass=ipaAssociation)) add ipaUuidScope: dc=datalab,dc=novalocal add ipaUuidEnforce: TRUE adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" modify complete add objectclass: top extensibleObject add cn: IPK11 Unique IDs add ipaUuidAttr: ipk11UniqueID add ipaUuidMagicRegen: autogenerate add ipaUuidFilter: (objectclass=ipk11Object) add ipaUuidScope: dc=datalab,dc=novalocal add ipaUuidEnforce: FALSE adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config" modify complete 2024-11-18T08:39:32Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:32Z DEBUG step duration: dirsrv __config_uuid_module 0.56 sec 2024-11-18T08:39:32Z DEBUG [11/43]: configuring modrdn plugin 2024-11-18T08:39:32Z DEBUG Starting external process 2024-11-18T08:39:32Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/modrdn-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:32Z DEBUG Process finished, return code=0 2024-11-18T08:39:32Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA MODRDN add nsslapd-pluginpath: libipa_modrdn add nsslapd-plugininitfunc: ipamodrdn_init add nsslapd-plugintype: betxnpostoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipamodrdn_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA MODRDN plugin add nsslapd-plugin-depends-on-type: database add nsslapd-pluginPrecedence: 60 adding new entry "cn=IPA MODRDN,cn=plugins,cn=config" modify complete 2024-11-18T08:39:32Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:32Z DEBUG Starting external process 2024-11-18T08:39:32Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpmilkiuhs', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:32Z DEBUG Process finished, return code=0 2024-11-18T08:39:32Z DEBUG stdout=add objectclass: top extensibleObject add cn: Kerberos Principal Name add ipaModRDNsourceAttr: uid add ipaModRDNtargetAttr: krbPrincipalName add ipaModRDNsuffix: @DATALAB.NOVALOCAL add ipaModRDNfilter: (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) add ipaModRDNscope: dc=datalab,dc=novalocal adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" modify complete add objectclass: top extensibleObject add cn: Kerberos Canonical Name add ipaModRDNsourceAttr: uid add ipaModRDNtargetAttr: krbCanonicalName add ipaModRDNsuffix: @DATALAB.NOVALOCAL add ipaModRDNfilter: (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) add ipaModRDNscope: dc=datalab,dc=novalocal adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config" modify complete 2024-11-18T08:39:32Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:32Z DEBUG step duration: dirsrv __config_modrdn_module 0.56 sec 2024-11-18T08:39:32Z DEBUG [12/43]: configuring DNS plugin 2024-11-18T08:39:32Z DEBUG Starting external process 2024-11-18T08:39:32Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ipa-dns-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:32Z DEBUG Process finished, return code=0 2024-11-18T08:39:32Z DEBUG stdout=add objectclass: top nsslapdPlugin extensibleObject add cn: IPA DNS add nsslapd-plugindescription: IPA DNS support plugin add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_dns add nsslapd-plugininitfunc: ipadns_init add nsslapd-pluginpath: libipa_dns.so add nsslapd-plugintype: preoperation add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-pluginversion: 1.0 add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA DNS,cn=plugins,cn=config" modify complete 2024-11-18T08:39:32Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:32Z DEBUG step duration: dirsrv __config_dns_module 0.28 sec 2024-11-18T08:39:32Z DEBUG [13/43]: enabling entryUSN plugin 2024-11-18T08:39:32Z DEBUG Starting external process 2024-11-18T08:39:32Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/entryusn.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:33Z DEBUG Process finished, return code=0 2024-11-18T08:39:33Z DEBUG stdout=replace nsslapd-entryusn-global: on modifying entry "cn=config" modify complete replace nsslapd-entryusn-import-initval: next modifying entry "cn=config" modify complete replace nsslapd-pluginenabled: on modifying entry "cn=USN,cn=plugins,cn=config" modify complete 2024-11-18T08:39:33Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:33Z DEBUG step duration: dirsrv __enable_entryusn 0.55 sec 2024-11-18T08:39:33Z DEBUG [14/43]: configuring lockout plugin 2024-11-18T08:39:33Z DEBUG Starting external process 2024-11-18T08:39:33Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/lockout-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:33Z DEBUG Process finished, return code=0 2024-11-18T08:39:33Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Lockout add nsslapd-pluginpath: libipa_lockout add nsslapd-plugininitfunc: ipalockout_init add nsslapd-plugintype: object add nsslapd-pluginenabled: on add nsslapd-pluginid: ipalockout_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Lockout plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA Lockout,cn=plugins,cn=config" modify complete 2024-11-18T08:39:33Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:33Z DEBUG step duration: dirsrv __config_lockout_module 0.28 sec 2024-11-18T08:39:33Z DEBUG [15/43]: configuring graceperiod plugin 2024-11-18T08:39:33Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:39:33Z DEBUG Starting external process 2024-11-18T08:39:33Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/graceperiod-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:34Z DEBUG Process finished, return code=0 2024-11-18T08:39:34Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Graceperiod add nsslapd-pluginpath: libipa_graceperiod add nsslapd-plugininitfunc: ipagraceperiod_init add nsslapd-plugintype: object add nsslapd-pluginenabled: on add nsslapd-pluginid: ipagraceperiod_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Graceperiod plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA Graceperiod,cn=plugins,cn=config" modify complete 2024-11-18T08:39:34Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:34Z DEBUG step duration: dirsrv config_graceperiod_module 0.53 sec 2024-11-18T08:39:34Z DEBUG [16/43]: configuring topology plugin 2024-11-18T08:39:34Z DEBUG Starting external process 2024-11-18T08:39:34Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpcpahtgcq', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:34Z DEBUG Process finished, return code=0 2024-11-18T08:39:34Z DEBUG stdout=add objectClass: top nsSlapdPlugin extensibleObject add cn: IPA Topology Configuration add nsslapd-pluginPath: libtopology add nsslapd-pluginInitfunc: ipa_topo_init add nsslapd-pluginType: object add nsslapd-pluginEnabled: on add nsslapd-topo-plugin-shared-config-base: cn=ipa,cn=etc,dc=datalab,dc=novalocal add nsslapd-topo-plugin-shared-replica-root: dc=datalab,dc=novalocal o=ipaca add nsslapd-topo-plugin-shared-binddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal add nsslapd-topo-plugin-startup-delay: 20 add nsslapd-pluginId: none add nsslapd-plugin-depends-on-named: ldbm database Multimaster Replication Plugin add nsslapd-pluginVersion: 1.0 add nsslapd-pluginVendor: none add nsslapd-pluginDescription: none adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config" modify complete 2024-11-18T08:39:34Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:34Z DEBUG step duration: dirsrv __config_topology_module 0.28 sec 2024-11-18T08:39:34Z DEBUG [17/43]: creating indices 2024-11-18T08:39:34Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T08:39:34Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T08:39:34Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T08:39:34Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T08:39:34Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T08:39:34Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T08:39:34Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T08:39:34Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T08:39:35Z DEBUG Created connection context.ldap2_139840944247640 2024-11-18T08:39:35Z DEBUG raw: idrange_show('DATALAB.NOVALOCAL_id_range', version='2.251') 2024-11-18T08:39:35Z DEBUG idrange_show('DATALAB.NOVALOCAL_id_range', rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:39:35Z DEBUG Parsing update file '/usr/share/ipa/updates/20-indices.update' 2024-11-18T08:39:35Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:39:35Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:39:36Z DEBUG New entry: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'accessRuleType', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['accessRuleType'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG accessRuleType 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'altSecurityIdentities', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['altSecurityIdentities'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG altSecurityIdentities 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'automountkey', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['automountkey'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG automountkey 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'automountMapName', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['automountMapName'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG automountMapName 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'carLicense', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['carLicense'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG carLicense 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'description', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['description'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG description 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'displayname', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['displayname'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG displayname 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'fqdn', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['fqdn'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG fqdn 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'gidnumber', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['gidnumber'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG gidnumber 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG nsMatchingRule: 2024-11-18T08:39:36Z DEBUG integerOrderingMatch 2024-11-18T08:39:36Z DEBUG New entry: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'hostCategory', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['hostCategory'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG hostCategory 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'idnsName', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['idnsName'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG idnsName 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaallowedtarget', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaallowedtarget'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaallowedtarget 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaAnchorUUID', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaAnchorUUID'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaAnchorUUID 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaassignedidview', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaassignedidview'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaassignedidview 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaCASubjectDN', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaCASubjectDN'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaCASubjectDN 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaCertmapData', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaCertmapData'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaCertmapData 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaConfigString', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaConfigString'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaConfigString 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaEnabledFlag', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaEnabledFlag'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaEnabledFlag 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaExternalMember', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaExternalMember'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaExternalMember 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaIdpDevAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpDevAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaIdpDevAuthEndpoint', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaIdpDevAuthEndpoint'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpDevAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaIdpDevAuthEndpoint 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaIdpAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaIdpAuthEndpoint', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaIdpAuthEndpoint'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaIdpAuthEndpoint 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaIdpScope,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpScope,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaIdpScope', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaIdpScope'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpScope,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaIdpScope 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaIdpTokenEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpTokenEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaIdpTokenEndpoint', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaIdpTokenEndpoint'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpTokenEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaIdpTokenEndpoint 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaKrbAuthzData', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaKrbAuthzData'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaKrbAuthzData 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipakrbprincipalalias', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipakrbprincipalalias'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipakrbprincipalalias 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipalocation', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipalocation'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipalocation 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaMemberCa', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaMemberCa'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaMemberCa 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaMemberCertProfile', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaMemberCertProfile'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaMemberCertProfile 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaNTSecurityIdentifier', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaNTSecurityIdentifier'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaNTSecurityIdentifier 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaNTTrustPartner', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaNTTrustPartner'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaNTTrustPartner 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaOriginalUid', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaOriginalUid'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaOriginalUid 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaOwner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaOwner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaOwner', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaOwner'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaOwner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaOwner 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipasudorunas', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipasudorunas'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipasudorunas 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaSubGidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaSubGidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaSubGidNumber', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaSubGidNumber'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaSubGidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaSubGidNumber 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG nsMatchingRule: 2024-11-18T08:39:36Z DEBUG integerOrderingMatch 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaSubUidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaSubUidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaSubUidNumber', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaSubUidNumber'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaSubUidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaSubUidNumber 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG nsMatchingRule: 2024-11-18T08:39:36Z DEBUG integerOrderingMatch 2024-11-18T08:39:36Z DEBUG New entry: cn=sudoorder,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=sudoorder,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'sudoorder', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['sudoorder'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=sudoorder,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG sudoorder 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG nsMatchingRule: 2024-11-18T08:39:36Z DEBUG integerOrderingMatch 2024-11-18T08:39:36Z DEBUG New entry: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipasudorunasgroup', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipasudorunasgroup'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipasudorunasgroup 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipatokenradiusconfiglink', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipatokenradiusconfiglink'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipatokenradiusconfiglink 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipauniqueid', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipauniqueid'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipauniqueid 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipServicePort', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipServicePort'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipServicePort 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'krbCanonicalName', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['krbCanonicalName'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG krbCanonicalName 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'krbPasswordExpiration', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['krbPasswordExpiration'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG krbPasswordExpiration 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'krbPrincipalName', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['krbPrincipalName'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG add: 'caseIgnoreIA5Match' to nsMatchingRule, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['caseIgnoreIA5Match'] 2024-11-18T08:39:36Z DEBUG add: 'caseExactIA5Match' to nsMatchingRule, current value ['caseIgnoreIA5Match'] 2024-11-18T08:39:36Z DEBUG add: updated value ['caseIgnoreIA5Match', 'caseExactIA5Match'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG krbPrincipalName 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG nsMatchingRule: 2024-11-18T08:39:36Z DEBUG caseIgnoreIA5Match 2024-11-18T08:39:36Z DEBUG caseExactIA5Match 2024-11-18T08:39:36Z DEBUG New entry: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'l', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['l'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG l 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'macAddress', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['macAddress'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG macAddress 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'managedby', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['managedby'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG managedby 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'manager', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['manager'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG manager 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG Updating existing entry: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG member 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG only: set cn to 'member', current value ['member'] 2024-11-18T08:39:36Z DEBUG only: updated value ['member'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG member 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG [(0, 'nsIndexType', ['pres', 'sub'])] 2024-11-18T08:39:36Z DEBUG Updated 1 2024-11-18T08:39:36Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'pres', b'sub'])] 2024-11-18T08:39:36Z DEBUG Done 2024-11-18T08:39:36Z DEBUG New entry: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberallowcmd', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberallowcmd'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberallowcmd 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberdenycmd', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberdenycmd'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberdenycmd 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberHost', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberHost'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberHost 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberManager', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberManager'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberManager 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG Updating existing entry: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberOf 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberOf', current value ['memberOf'] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberOf'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberOf 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG [(0, 'nsIndexType', ['sub'])] 2024-11-18T08:39:36Z DEBUG Updated 1 2024-11-18T08:39:36Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] 2024-11-18T08:39:36Z DEBUG Done 2024-11-18T08:39:36Z DEBUG New entry: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberPrincipal', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberPrincipal'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberPrincipal 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberservice', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberservice'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberservice 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberuid', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberuid'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberuid 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberUser', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberUser'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberUser 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'nsHardwarePlatform', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['nsHardwarePlatform'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG nsHardwarePlatform 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'nsHostLocation', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['nsHostLocation'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG nsHostLocation 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'nsOsVersion', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['nsOsVersion'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG nsOsVersion 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG Updating existing entry: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ntUniqueId 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG only: set cn to 'ntUniqueId', current value ['ntUniqueId'] 2024-11-18T08:39:36Z DEBUG only: updated value ['ntUniqueId'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ntUniqueId 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG [(0, 'nsIndexType', ['pres'])] 2024-11-18T08:39:36Z DEBUG Updated 1 2024-11-18T08:39:36Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'pres'])] 2024-11-18T08:39:36Z DEBUG Done 2024-11-18T08:39:36Z DEBUG Updating existing entry: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ntUserDomainId 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG only: set cn to 'ntUserDomainId', current value ['ntUserDomainId'] 2024-11-18T08:39:36Z DEBUG only: updated value ['ntUserDomainId'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ntUserDomainId 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG [(0, 'nsIndexType', ['pres'])] 2024-11-18T08:39:36Z DEBUG Updated 1 2024-11-18T08:39:36Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'pres'])] 2024-11-18T08:39:36Z DEBUG Done 2024-11-18T08:39:36Z DEBUG New entry: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ou', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ou'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ou 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG Updating existing entry: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG owner 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG only: set cn to 'owner', current value ['owner'] 2024-11-18T08:39:36Z DEBUG only: updated value ['owner'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG owner 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG [(0, 'nsIndexType', ['sub'])] 2024-11-18T08:39:36Z DEBUG Updated 1 2024-11-18T08:39:36Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] 2024-11-18T08:39:36Z DEBUG Done 2024-11-18T08:39:36Z DEBUG New entry: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'secretary', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['secretary'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG secretary 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG Updating existing entry: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG seeAlso 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG only: set cn to 'seealso', current value ['seeAlso'] 2024-11-18T08:39:36Z DEBUG only: updated value ['seealso'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG seealso 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG [(1, 'cn', ['seeAlso']), (0, 'cn', ['seealso']), (0, 'nsIndexType', ['sub'])] 2024-11-18T08:39:36Z DEBUG Updated 1 2024-11-18T08:39:36Z DEBUG update_entry modlist [(1, 'cn', [b'seeAlso']), (0, 'cn', [b'seealso']), (0, 'nsIndexType', [b'sub'])] 2024-11-18T08:39:37Z DEBUG Done 2024-11-18T08:39:37Z DEBUG New entry: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Initial value 2024-11-18T08:39:37Z DEBUG dn: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG only: set cn to 'serverhostname', current value [] 2024-11-18T08:39:37Z DEBUG only: updated value ['serverhostname'] 2024-11-18T08:39:37Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:37Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Final value after applying updates 2024-11-18T08:39:37Z DEBUG dn: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG serverhostname 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG sub 2024-11-18T08:39:37Z DEBUG New entry: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Initial value 2024-11-18T08:39:37Z DEBUG dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG only: set cn to 'sourcehost', current value [] 2024-11-18T08:39:37Z DEBUG only: updated value ['sourcehost'] 2024-11-18T08:39:37Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:37Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:37Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Final value after applying updates 2024-11-18T08:39:37Z DEBUG dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG sourcehost 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG pres 2024-11-18T08:39:37Z DEBUG sub 2024-11-18T08:39:37Z DEBUG New entry: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Initial value 2024-11-18T08:39:37Z DEBUG dn: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG only: set cn to 'title', current value [] 2024-11-18T08:39:37Z DEBUG only: updated value ['title'] 2024-11-18T08:39:37Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:37Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Final value after applying updates 2024-11-18T08:39:37Z DEBUG dn: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG title 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG sub 2024-11-18T08:39:37Z DEBUG Updating existing entry: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Initial value 2024-11-18T08:39:37Z DEBUG dn: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG uid 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG only: set cn to 'uid', current value ['uid'] 2024-11-18T08:39:37Z DEBUG only: updated value ['uid'] 2024-11-18T08:39:37Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:37Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Final value after applying updates 2024-11-18T08:39:37Z DEBUG dn: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG uid 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG sub 2024-11-18T08:39:37Z DEBUG [(0, 'nsIndexType', ['sub'])] 2024-11-18T08:39:37Z DEBUG Updated 1 2024-11-18T08:39:37Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] 2024-11-18T08:39:37Z DEBUG Done 2024-11-18T08:39:37Z DEBUG New entry: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Initial value 2024-11-18T08:39:37Z DEBUG dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG only: set cn to 'uidnumber', current value [] 2024-11-18T08:39:37Z DEBUG only: updated value ['uidnumber'] 2024-11-18T08:39:37Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:37Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] 2024-11-18T08:39:37Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Final value after applying updates 2024-11-18T08:39:37Z DEBUG dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG uidnumber 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG nsMatchingRule: 2024-11-18T08:39:37Z DEBUG integerOrderingMatch 2024-11-18T08:39:37Z DEBUG Updating existing entry: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Initial value 2024-11-18T08:39:37Z DEBUG dn: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG uniquemember 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG only: set cn to 'uniquemember', current value ['uniquemember'] 2024-11-18T08:39:37Z DEBUG only: updated value ['uniquemember'] 2024-11-18T08:39:37Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:37Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Final value after applying updates 2024-11-18T08:39:37Z DEBUG dn: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG uniquemember 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG sub 2024-11-18T08:39:37Z DEBUG [(0, 'nsIndexType', ['sub'])] 2024-11-18T08:39:37Z DEBUG Updated 1 2024-11-18T08:39:37Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] 2024-11-18T08:39:37Z DEBUG Done 2024-11-18T08:39:37Z DEBUG New entry: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Initial value 2024-11-18T08:39:37Z DEBUG dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG only: set cn to 'userCertificate', current value [] 2024-11-18T08:39:37Z DEBUG only: updated value ['userCertificate'] 2024-11-18T08:39:37Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:37Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Final value after applying updates 2024-11-18T08:39:37Z DEBUG dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG userCertificate 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG pres 2024-11-18T08:39:37Z DEBUG Creating task cn=indextask_139512119771007710_4178,cn=index,cn=tasks,cn=config to index attributes: accessRuleType, altSecurityIdentities, automountMapName, automountkey, carLicense, description, displayname, fqdn, gidnumber, hostCategory, idnsName, ipServicePort, ipaAnchorUUID, ipaCASubjectDN, ipaCertmapData, ipaConfigString, ipaEnabledFlag, ipaExternalMember, ipaIdpAuthEndpoint, ipaIdpDevAuthEndpoint, ipaIdpScope, ipaIdpTokenEndpoint, ipaKrbAuthzData, ipaMemberCa, ipaMemberCertProfile, ipaNTSecurityIdentifier, ipaNTTrustPartner, ipaOriginalUid, ipaOwner, ipaSubGidNumber, ipaSubUidNumber, ipaallowedtarget, ipaassignedidview, ipakrbprincipalalias, ipalocation, ipasudorunas, ipasudorunasgroup, ipatokenradiusconfiglink, ipauniqueid, krbCanonicalName, krbPasswordExpiration, krbPrincipalName, l, macAddress, managedby, manager, member, memberHost, memberManager, memberOf, memberPrincipal, memberUser, memberallowcmd, memberdenycmd, memberservice, memberuid, nsHardwarePlatform, nsHostLocation, nsOsVersion, ntUniqueId, ntUserDomainId, ou, owner, secretary, seealso, serverhostname, sourcehost, sudoorder, title, uid, uidnumber, uniquemember, userCertificate 2024-11-18T08:39:38Z DEBUG Indexing finished 2024-11-18T08:39:38Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-indices.update 2.185 sec 2024-11-18T08:39:38Z DEBUG Destroyed connection context.ldap2_139840944247640 2024-11-18T08:39:38Z DEBUG step duration: dirsrv __create_indices 3.61 sec 2024-11-18T08:39:38Z DEBUG [18/43]: enabling referential integrity plugin 2024-11-18T08:39:38Z DEBUG Starting external process 2024-11-18T08:39:38Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/referint-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:38Z DEBUG Process finished, return code=0 2024-11-18T08:39:38Z DEBUG stdout=replace nsslapd-pluginenabled: on modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" modify complete 2024-11-18T08:39:38Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:38Z DEBUG step duration: dirsrv __add_referint_module 0.28 sec 2024-11-18T08:39:38Z DEBUG [19/43]: configuring certmap.conf 2024-11-18T08:39:38Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:39:38Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:39:38Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:39:38Z DEBUG step duration: dirsrv __certmap_conf 0.01 sec 2024-11-18T08:39:38Z DEBUG [20/43]: configure new location for managed entries 2024-11-18T08:39:38Z DEBUG Starting external process 2024-11-18T08:39:38Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpqqd14oj4', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:38Z DEBUG Process finished, return code=0 2024-11-18T08:39:38Z DEBUG stdout=add nsslapd-pluginConfigArea: cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal modifying entry "cn=Managed Entries,cn=plugins,cn=config" modify complete 2024-11-18T08:39:38Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:38Z DEBUG step duration: dirsrv __repoint_managed_entries 0.03 sec 2024-11-18T08:39:38Z DEBUG [21/43]: configure dirsrv ccache and keytab 2024-11-18T08:39:38Z DEBUG Starting external process 2024-11-18T08:39:38Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:39:38Z DEBUG Process finished, return code=0 2024-11-18T08:39:38Z DEBUG stdout= 2024-11-18T08:39:38Z DEBUG stderr= 2024-11-18T08:39:38Z DEBUG Starting external process 2024-11-18T08:39:38Z DEBUG args=['/sbin/restorecon', '/etc/systemd/system/dirsrv@DATALAB-NOVALOCAL.service.d/ipa-env.conf'] 2024-11-18T08:39:38Z DEBUG Process finished, return code=0 2024-11-18T08:39:38Z DEBUG stdout= 2024-11-18T08:39:38Z DEBUG stderr= 2024-11-18T08:39:38Z DEBUG Starting external process 2024-11-18T08:39:38Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T08:39:38Z DEBUG Process finished, return code=0 2024-11-18T08:39:38Z DEBUG stdout= 2024-11-18T08:39:38Z DEBUG stderr= 2024-11-18T08:39:38Z DEBUG step duration: dirsrv configure_systemd_ipa_env 0.34 sec 2024-11-18T08:39:38Z DEBUG [22/43]: enabling SASL mapping fallback 2024-11-18T08:39:38Z DEBUG Starting external process 2024-11-18T08:39:38Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpzcymy0md', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:39Z DEBUG Process finished, return code=0 2024-11-18T08:39:39Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback: on modifying entry "cn=config" modify complete 2024-11-18T08:39:39Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:39Z DEBUG step duration: dirsrv __enable_sasl_mapping_fallback 0.29 sec 2024-11-18T08:39:39Z DEBUG [23/43]: restarting directory server 2024-11-18T08:39:39Z DEBUG Destroyed connection context.ldap2_139840959388752 2024-11-18T08:39:39Z DEBUG Starting external process 2024-11-18T08:39:39Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T08:39:39Z DEBUG Process finished, return code=0 2024-11-18T08:39:39Z DEBUG stdout= 2024-11-18T08:39:39Z DEBUG stderr= 2024-11-18T08:39:39Z DEBUG Starting external process 2024-11-18T08:39:39Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:43Z DEBUG Process finished, return code=0 2024-11-18T08:39:43Z DEBUG stdout= 2024-11-18T08:39:43Z DEBUG stderr= 2024-11-18T08:39:43Z DEBUG Starting external process 2024-11-18T08:39:43Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:43Z DEBUG Process finished, return code=0 2024-11-18T08:39:43Z DEBUG stdout=active 2024-11-18T08:39:43Z DEBUG stderr= 2024-11-18T08:39:43Z DEBUG wait_for_open_ports: localhost [389] timeout 120 2024-11-18T08:39:43Z DEBUG waiting for port: 389 2024-11-18T08:39:43Z DEBUG SUCCESS: port: 389 2024-11-18T08:39:43Z DEBUG Restart of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T08:39:43Z DEBUG Starting external process 2024-11-18T08:39:43Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:43Z DEBUG Process finished, return code=0 2024-11-18T08:39:43Z DEBUG stdout=active 2024-11-18T08:39:43Z DEBUG stderr= 2024-11-18T08:39:43Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:39:43Z DEBUG step duration: dirsrv __restart_instance 4.63 sec 2024-11-18T08:39:43Z DEBUG [24/43]: adding sasl mappings to the directory 2024-11-18T08:39:43Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:39:43Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:39:44Z DEBUG step duration: dirsrv __configure_sasl_mappings 0.68 sec 2024-11-18T08:39:44Z DEBUG [25/43]: adding default layout 2024-11-18T08:39:44Z DEBUG Starting external process 2024-11-18T08:39:44Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpmnfs27ns', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:45Z DEBUG Process finished, return code=0 2024-11-18T08:39:45Z DEBUG stdout=add objectClass: top nsContainer add cn: accounts adding new entry "cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: users adding new entry "cn=users,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: groups adding new entry "cn=groups,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: services adding new entry "cn=services,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: computers adding new entry "cn=computers,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: hostgroups adding new entry "cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: ipservices adding new entry "cn=ipservices,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer add cn: alt adding new entry "cn=alt,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer add cn: ng adding new entry "cn=ng,cn=alt,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer add cn: automount adding new entry "cn=automount,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer add cn: default adding new entry "cn=default,cn=automount,dc=datalab,dc=novalocal" modify complete add objectClass: automountMap add automountMapName: auto.master adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=datalab,dc=novalocal" modify complete add objectClass: automountMap add automountMapName: auto.direct adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=datalab,dc=novalocal" modify complete add objectClass: automount add automountKey: /- add automountInformation: auto.direct add description: /- auto.direct adding new entry "description=/- auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: hbac adding new entry "cn=hbac,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: hbacservices adding new entry "cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: hbacservicegroups adding new entry "cn=hbacservicegroups,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: sudo adding new entry "cn=sudo,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: sudocmds adding new entry "cn=sudocmds,cn=sudo,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: sudocmdgroups adding new entry "cn=sudocmdgroups,cn=sudo,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: sudorules adding new entry "cn=sudorules,cn=sudo,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: etc adding new entry "cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: locations adding new entry "cn=locations,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: sysaccounts adding new entry "cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: ipa adding new entry "cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: masters adding new entry "cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: replicas adding new entry "cn=replicas,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: dna adding new entry "cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: posix-ids adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: subordinate-ids adding new entry "cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: ca_renewal adding new entry "cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: certificates adding new entry "cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: custodia adding new entry "cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: dogtag adding new entry "cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: s4u2proxy adding new entry "cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: ipaKrb5DelegationACL groupOfPrincipals top add cn: ipa-http-delegation add memberPrincipal: HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL add ipaAllowedTarget: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: groupOfPrincipals top add cn: ipa-ldap-delegation-targets add memberPrincipal: ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: groupOfPrincipals top add cn: ipa-cifs-delegation-targets adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: top person posixaccount krbprincipalaux krbticketpolicyaux inetuser ipaobject ipasshuser add uid: admin add krbPrincipalName: admin@DATALAB.NOVALOCAL root@DATALAB.NOVALOCAL add cn: Administrator add sn: Administrator add uidNumber: 1251600000 add gidNumber: 1251600000 add homeDirectory: /home/admin add loginShell: /bin/bash add gecos: Administrator add nsAccountLock: FALSE add ipaUniqueID: autogenerate adding new entry "uid=admin,cn=users,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames posixgroup ipausergroup ipaobject add cn: admins add description: Account administrators group add gidNumber: 1251600000 add member: uid=admin,cn=users,cn=accounts,dc=datalab,dc=novalocal add nsAccountLock: FALSE add ipaUniqueID: autogenerate adding new entry "cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup ipausergroup ipaobject add description: Default group for all users add cn: ipausers add ipaUniqueID: autogenerate adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames posixgroup ipausergroup ipaobject add gidNumber: 1251600002 add description: Limited admins who can edit other users add cn: editors add ipaUniqueID: autogenerate adding new entry "cn=editors,cn=groups,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top groupOfNames nestedGroup ipaobject ipahostgroup add description: IPA server hosts add cn: ipaservers add ipaUniqueID: autogenerate adding new entry "cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: sshd add description: sshd add ipauniqueid: autogenerate adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: ftp add description: ftp add ipauniqueid: autogenerate adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: su add description: su add ipauniqueid: autogenerate adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: login add description: login add ipauniqueid: autogenerate adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: su-l add description: su with login shell add ipauniqueid: autogenerate adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: sudo add description: sudo add ipauniqueid: autogenerate adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: sudo-i add description: sudo-i add ipauniqueid: autogenerate adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: systemd-user add description: pam_systemd and systemd user@.service add ipauniqueid: autogenerate adding new entry "cn=systemd-user,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: gdm add description: gdm add ipauniqueid: autogenerate adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: gdm-password add description: gdm-password add ipauniqueid: autogenerate adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: kdm add description: kdm add ipauniqueid: autogenerate adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectClass: ipaobject ipahbacservicegroup nestedGroup groupOfNames top add cn: Sudo add ipauniqueid: autogenerate add description: Default group of Sudo related services add member: cn=sudo,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal cn=sudo-i,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top ipaGuiConfig ipaConfigObject add ipaUserSearchFields: uid,givenname,sn,telephonenumber,ou,title add ipaGroupSearchFields: cn,description add ipaSearchTimeLimit: 2 add ipaSearchRecordsLimit: 100 add ipaHomesRootDir: /home add ipaDefaultLoginShell: /bin/sh add ipaDefaultPrimaryGroup: ipausers add ipaMaxUsernameLength: 32 add ipaMaxHostnameLength: 64 add ipaPwdExpAdvNotify: 4 add ipaGroupObjectClasses: top groupofnames nestedgroup ipausergroup ipaobject add ipaUserObjectClasses: top person organizationalperson inetorgperson inetuser posixaccount krbprincipalaux krbticketpolicyaux ipaobject ipasshuser add ipaDefaultEmailDomain: datalab.novalocal add ipaMigrationEnabled: FALSE add ipaConfigString: AllowNThash KDC:Disable Last Success add ipaSELinuxUserMapOrder: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 add ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023 adding new entry "cn=ipaConfig,cn=etc,dc=datalab,dc=novalocal" modify complete add objectclass: top nsContainer add cn: cosTemplates adding new entry "cn=cosTemplates,cn=accounts,dc=datalab,dc=novalocal" modify complete add description: Password Policy based on group membership add objectClass: top ldapsubentry cosSuperDefinition cosClassicDefinition add cosTemplateDn: cn=cosTemplates,cn=accounts,dc=datalab,dc=novalocal add cosAttribute: krbPwdPolicyReference override add cosSpecifier: memberOf adding new entry "cn=Password Policy,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: selinux adding new entry "cn=selinux,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: usermap adding new entry "cn=usermap,cn=selinux,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: ranges adding new entry "cn=ranges,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: top ipaIDrange ipaDomainIDRange add cn: DATALAB.NOVALOCAL_id_range add ipaBaseID: 1251600000 add ipaIDRangeSize: 200000 add ipaRangeType: ipa-local adding new entry "cn=DATALAB.NOVALOCAL_id_range,cn=ranges,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: top ipaIDrange ipaTrustedADDomainRange add cn: DATALAB.NOVALOCAL_subid_range add ipaBaseID: 2147483648 add ipaIDRangeSize: 2147352576 add ipaBaseRID: 2147283648 add ipaNTTrustedDomainSID: S-1-5-21-738065-838566-1496016953 add ipaRangeType: ipa-ad-trust adding new entry "cn=DATALAB.NOVALOCAL_subid_range,cn=ranges,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: ca adding new entry "cn=ca,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: certprofiles adding new entry "cn=certprofiles,cn=ca,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: caacls adding new entry "cn=caacls,cn=ca,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: cas adding new entry "cn=cas,cn=ca,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:45Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:45Z DEBUG step duration: dirsrv __add_default_layout 0.94 sec 2024-11-18T08:39:45Z DEBUG [26/43]: adding delegation layout 2024-11-18T08:39:45Z DEBUG Starting external process 2024-11-18T08:39:45Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpksf49r9f', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:45Z DEBUG Process finished, return code=0 2024-11-18T08:39:45Z DEBUG stdout=add objectClass: top nsContainer add cn: roles adding new entry "cn=roles,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: pbac adding new entry "cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: privileges adding new entry "cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: permissions adding new entry "cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: helpdesk add description: Helpdesk adding new entry "cn=helpdesk,cn=roles,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: User Administrators add description: User Administrators adding new entry "cn=User Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Group Administrators add description: Group Administrators adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Host Administrators add description: Host Administrators adding new entry "cn=Host Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Host Group Administrators add description: Host Group Administrators adding new entry "cn=Host Group Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Delegation Administrator add description: Role administration adding new entry "cn=Delegation Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: DNS Administrators add description: DNS Administrators adding new entry "cn=DNS Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: DNS Servers add description: DNS Servers adding new entry "cn=DNS Servers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Service Administrators add description: Service Administrators adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Automount Administrators add description: Automount Administrators adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Netgroups Administrators add description: Netgroups Administrators adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Certificate Administrators add description: Certificate Administrators adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Replication Administrators add description: Replication Administrators add member: cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Host Enrollment add description: Host Enrollment adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Stage User Administrators add description: Stage User Administrators adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Stage User Provisioning add description: Stage User Provisioning adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Add Replication Agreements add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Modify Replication Agreements add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Read Replication Agreements add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Remove Replication Agreements add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Modify DNA Range add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: virtual operations adding new entry "cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Retrieve Certificates from the CA add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Request Certificate add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Request Certificates from a different host add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Get Certificates status from the CA add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Revoke Certificate add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Certificate Remove Hold add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: External IdP server Administrators add description: External IdP server Administrators adding new entry "cn=External IdP server Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:45Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:45Z DEBUG step duration: dirsrv __add_delegation_layout 0.60 sec 2024-11-18T08:39:45Z DEBUG [27/43]: creating container for managed entries 2024-11-18T08:39:45Z DEBUG Starting external process 2024-11-18T08:39:45Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmprw03de2g', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:46Z DEBUG Process finished, return code=0 2024-11-18T08:39:46Z DEBUG stdout=add objectClass: nsContainer top add cn: Managed Entries adding new entry "cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: Templates adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: Definitions adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:46Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:46Z DEBUG step duration: dirsrv __managed_entries 0.29 sec 2024-11-18T08:39:46Z DEBUG [28/43]: configuring user private groups 2024-11-18T08:39:46Z DEBUG Starting external process 2024-11-18T08:39:46Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp8przcyh9', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:46Z DEBUG Process finished, return code=0 2024-11-18T08:39:46Z DEBUG stdout=add objectclass: mepTemplateEntry add cn: UPG Template add mepRDNAttr: cn add mepStaticAttr: objectclass: posixgroup objectclass: ipaobject ipaUniqueId: autogenerate add mepMappedAttr: cn: $uid gidNumber: $uidNumber description: User private group for $uid adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal" modify complete add objectclass: extensibleObject add cn: UPG Definition add originScope: cn=users,cn=accounts,dc=datalab,dc=novalocal add originFilter: (&(objectclass=posixAccount)(!(description=__no_upg__))) add managedBase: cn=groups,cn=accounts,dc=datalab,dc=novalocal add managedTemplate: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:46Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:46Z DEBUG step duration: dirsrv __user_private_groups 0.29 sec 2024-11-18T08:39:46Z DEBUG [29/43]: configuring netgroups from hostgroups 2024-11-18T08:39:46Z DEBUG Starting external process 2024-11-18T08:39:46Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpy8xsn_v2', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:46Z DEBUG Process finished, return code=0 2024-11-18T08:39:46Z DEBUG stdout=add objectclass: mepTemplateEntry add cn: NGP HGP Template add mepRDNAttr: cn add mepStaticAttr: ipaUniqueId: autogenerate objectclass: ipanisnetgroup objectclass: ipaobject nisDomainName: datalab.novalocal add mepMappedAttr: cn: $cn memberHost: $dn description: ipaNetgroup $cn adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal" modify complete add objectclass: extensibleObject add cn: NGP Definition add originScope: cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal add originFilter: objectclass=ipahostgroup add managedBase: cn=ng,cn=alt,dc=datalab,dc=novalocal add managedTemplate: cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:46Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:46Z DEBUG step duration: dirsrv __host_nis_groups 0.28 sec 2024-11-18T08:39:46Z DEBUG [30/43]: creating default Sudo bind user 2024-11-18T08:39:46Z DEBUG Starting external process 2024-11-18T08:39:46Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp2ye5xyg6', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:47Z DEBUG Process finished, return code=0 2024-11-18T08:39:47Z DEBUG stdout=add objectclass: account simplesecurityobject add uid: sudo add userPassword: XXXXXXXX add passwordExpirationTime: 20380119031407Z add nsIdleTimeout: 0 adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:47Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:47Z DEBUG step duration: dirsrv __add_sudo_binduser 0.34 sec 2024-11-18T08:39:47Z DEBUG [31/43]: creating default Auto Member layout 2024-11-18T08:39:47Z DEBUG Starting external process 2024-11-18T08:39:47Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpyvbqn4kk', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:47Z DEBUG Process finished, return code=0 2024-11-18T08:39:47Z DEBUG stdout=add nsslapd-pluginConfigArea: cn=automember,cn=etc,dc=datalab,dc=novalocal modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config" modify complete add objectClass: top nsContainer add cn: automember adding new entry "cn=automember,cn=etc,dc=datalab,dc=novalocal" modify complete add objectclass: autoMemberDefinition add cn: Hostgroup add autoMemberScope: cn=computers,cn=accounts,dc=datalab,dc=novalocal add autoMemberFilter: objectclass=ipaHost add autoMemberGroupingAttr: member:dn adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=datalab,dc=novalocal" modify complete add objectclass: autoMemberDefinition add cn: Group add autoMemberScope: cn=users,cn=accounts,dc=datalab,dc=novalocal add autoMemberFilter: objectclass=posixAccount add autoMemberGroupingAttr: member:dn adding new entry "cn=Group,cn=automember,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:47Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:47Z DEBUG step duration: dirsrv __add_automember_config 0.30 sec 2024-11-18T08:39:47Z DEBUG [32/43]: adding range check plugin 2024-11-18T08:39:47Z DEBUG Starting external process 2024-11-18T08:39:47Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpm8up_9lx', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:47Z DEBUG Process finished, return code=0 2024-11-18T08:39:47Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Range-Check add nsslapd-pluginpath: libipa_range_check add nsslapd-plugininitfunc: ipa_range_check_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_range_check_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Range-Check plugin add nsslapd-plugin-depends-on-type: database add nsslapd-basedn: dc=datalab,dc=novalocal adding new entry "cn=IPA Range-Check,cn=plugins,cn=config" modify complete 2024-11-18T08:39:47Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:47Z DEBUG step duration: dirsrv __add_range_check_plugin 0.28 sec 2024-11-18T08:39:47Z DEBUG [33/43]: creating default HBAC rule allow_all 2024-11-18T08:39:47Z DEBUG Starting external process 2024-11-18T08:39:47Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp3kj0ic_h', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:48Z DEBUG Process finished, return code=0 2024-11-18T08:39:48Z DEBUG stdout=add objectclass: ipaassociation ipahbacrule add cn: allow_all add accessruletype: allow add usercategory: all add hostcategory: all add servicecategory: all add ipaenabledflag: TRUE add description: Allow all users to access any host from any host add ipauniqueid: autogenerate adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipaassociation ipahbacrule add cn: allow_systemd-user add accessruletype: allow add usercategory: all add hostcategory: all add memberService: cn=systemd-user,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal add ipaenabledflag: TRUE add description: Allow pam_systemd to run user@.service to create a system user session add ipauniqueid: autogenerate adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:48Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:48Z DEBUG step duration: dirsrv add_hbac 0.32 sec 2024-11-18T08:39:48Z DEBUG [34/43]: adding entries for topology management 2024-11-18T08:39:48Z DEBUG Starting external process 2024-11-18T08:39:48Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpw_bq30wt', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:48Z DEBUG Process finished, return code=0 2024-11-18T08:39:48Z DEBUG stdout=add objectclass: top nsContainer add cn: topology adding new entry "cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectclass: top iparepltopoconf add ipaReplTopoConfRoot: dc=datalab,dc=novalocal add nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime add nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime add nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp add cn: domain adding new entry "cn=domain,cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:48Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:48Z DEBUG step duration: dirsrv __add_topology_entries 0.28 sec 2024-11-18T08:39:48Z DEBUG [35/43]: initializing group membership 2024-11-18T08:39:48Z DEBUG Starting external process 2024-11-18T08:39:48Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpi4cl9h9r', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:48Z DEBUG Process finished, return code=0 2024-11-18T08:39:48Z DEBUG stdout=add objectClass: top extensibleObject add cn: IPA install add basedn: dc=datalab,dc=novalocal add filter: (objectclass=*) add ttl: 10 adding new entry "cn=IPA install 1731919136, cn=memberof task, cn=tasks, cn=config" modify complete 2024-11-18T08:39:48Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:48Z DEBUG Waiting for memberof task to complete. 2024-11-18T08:39:48Z DEBUG step duration: dirsrv init_memberof 0.54 sec 2024-11-18T08:39:48Z DEBUG [36/43]: adding master entry 2024-11-18T08:39:48Z DEBUG Starting external process 2024-11-18T08:39:48Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpnddukv4n', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:49Z DEBUG Process finished, return code=0 2024-11-18T08:39:49Z DEBUG stdout=add objectclass: top nsContainer ipaReplTopoManagedServer ipaConfigObject ipaSupportedDomainLevelConfig add cn: devbo01.datalab.novalocal add ipaReplTopoManagedSuffix: dc=datalab,dc=novalocal add ipaMinDomainLevel: 1 add ipaMaxDomainLevel: 1 adding new entry "cn=devbo01.datalab.novalocal,cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:49Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:49Z DEBUG step duration: dirsrv __add_master_entry 0.28 sec 2024-11-18T08:39:49Z DEBUG [37/43]: initializing domain level 2024-11-18T08:39:49Z DEBUG Starting external process 2024-11-18T08:39:49Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpv0ful43t', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:49Z DEBUG Process finished, return code=0 2024-11-18T08:39:49Z DEBUG stdout=add objectClass: top nsContainer ipaDomainLevelConfig add ipaDomainLevel: 1 adding new entry "cn=Domain Level,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:49Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:49Z DEBUG step duration: dirsrv __set_domain_level 0.28 sec 2024-11-18T08:39:49Z DEBUG [38/43]: configuring Posix uid/gid generation 2024-11-18T08:39:49Z DEBUG Starting external process 2024-11-18T08:39:49Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpz43u0oww', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:49Z DEBUG Process finished, return code=0 2024-11-18T08:39:49Z DEBUG stdout=add objectclass: top extensibleObject add cn: Posix IDs add dnaType: uidNumber gidNumber add dnaNextValue: 1251600000 add dnaMaxValue: 1251799999 add dnaMagicRegen: -1 add dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) add dnaScope: dc=datalab,dc=novalocal add dnaThreshold: 500 add dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal add dnaExcludeScope: cn=provisioning,dc=datalab,dc=novalocal adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete add objectclass: top extensibleObject add cn: Subordinate IDs add dnaType: ipasubuidnumber ipasubgidnumber add dnaNextValue: 2147483648 add dnaMaxValue: 4294836224 add dnaMagicRegen: -1 add dnaFilter: (objectClass=ipaSubordinateId) add dnaScope: dc=datalab,dc=novalocal add dnaThreshold: 500 add dnaSharedCfgDN: cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal add dnaExcludeScope: cn=provisioning,dc=datalab,dc=novalocal add dnaInterval: 65536 adding new entry "cn=Subordinate IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete replace nsslapd-pluginEnabled: on modifying entry "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete 2024-11-18T08:39:49Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:49Z DEBUG step duration: dirsrv __config_uidgid_gen 0.05 sec 2024-11-18T08:39:49Z DEBUG [39/43]: adding replication acis 2024-11-18T08:39:49Z DEBUG Starting external process 2024-11-18T08:39:49Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpexz27ozw', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:50Z DEBUG Process finished, return code=0 2024-11-18T08:39:50Z DEBUG stdout=add aci: (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=mapping tree,cn=config" modify complete add aci: (targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=mapping tree,cn=config" modify complete add aci: (targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=mapping tree,cn=config" modify complete add aci: (targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=mapping tree,cn=config" modify complete add aci: (targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete add aci: (targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add aci: (targetattr = "*")(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=tasks,cn=config" modify complete 2024-11-18T08:39:50Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:50Z DEBUG step duration: dirsrv __add_replication_acis 0.58 sec 2024-11-18T08:39:50Z DEBUG [40/43]: activating sidgen plugin 2024-11-18T08:39:50Z DEBUG Starting external process 2024-11-18T08:39:50Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpfwjxv4me', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:50Z DEBUG Process finished, return code=0 2024-11-18T08:39:50Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA SIDGEN add nsslapd-pluginpath: libipa_sidgen add nsslapd-plugininitfunc: ipa_sidgen_init add nsslapd-plugintype: postoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_sidgen_postop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA SIDGEN post operation add nsslapd-plugin-depends-on-type: database add nsslapd-basedn: dc=datalab,dc=novalocal adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config" modify complete 2024-11-18T08:39:50Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:50Z DEBUG step duration: dirsrv _add_sidgen_plugin 0.11 sec 2024-11-18T08:39:50Z DEBUG [41/43]: activating extdom plugin 2024-11-18T08:39:50Z DEBUG Starting external process 2024-11-18T08:39:50Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmppj6a_vcg', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:50Z DEBUG Process finished, return code=0 2024-11-18T08:39:50Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_extdom_extop add nsslapd-pluginpath: libipa_extdom_extop add nsslapd-plugininitfunc: ipa_extdom_init add nsslapd-plugintype: extendedop add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_extdom_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Support resolving IDs in trusted domains to names and back add nsslapd-plugin-depends-on-type: database add nsslapd-basedn: dc=datalab,dc=novalocal adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config" modify complete 2024-11-18T08:39:50Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:50Z DEBUG step duration: dirsrv _add_extdom_plugin 0.29 sec 2024-11-18T08:39:50Z DEBUG [42/43]: configuring directory to start on boot 2024-11-18T08:39:50Z DEBUG Starting external process 2024-11-18T08:39:50Z DEBUG args=['/bin/systemctl', 'is-enabled', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:50Z DEBUG Process finished, return code=0 2024-11-18T08:39:50Z DEBUG stdout=enabled 2024-11-18T08:39:50Z DEBUG stderr= 2024-11-18T08:39:50Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:39:50Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:39:50Z DEBUG Starting external process 2024-11-18T08:39:50Z DEBUG args=['/bin/systemctl', 'disable', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:50Z DEBUG Process finished, return code=0 2024-11-18T08:39:50Z DEBUG stdout= 2024-11-18T08:39:50Z DEBUG stderr=Removed /etc/systemd/system/multi-user.target.wants/dirsrv@DATALAB-NOVALOCAL.service. Removed /etc/systemd/system/dirsrv.target.wants/dirsrv@DATALAB-NOVALOCAL.service. 2024-11-18T08:39:50Z DEBUG step duration: dirsrv __enable 0.32 sec 2024-11-18T08:39:50Z DEBUG [43/43]: restarting directory server 2024-11-18T08:39:50Z DEBUG Destroyed connection context.ldap2_139840959388752 2024-11-18T08:39:50Z DEBUG Starting external process 2024-11-18T08:39:50Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T08:39:51Z DEBUG Process finished, return code=0 2024-11-18T08:39:51Z DEBUG stdout= 2024-11-18T08:39:51Z DEBUG stderr= 2024-11-18T08:39:51Z DEBUG Starting external process 2024-11-18T08:39:51Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout= 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout=active 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG wait_for_open_ports: localhost [389] timeout 120 2024-11-18T08:39:55Z DEBUG waiting for port: 389 2024-11-18T08:39:55Z DEBUG SUCCESS: port: 389 2024-11-18T08:39:55Z DEBUG Restart of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout=active 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:39:55Z DEBUG step duration: dirsrv __restart_instance 4.62 sec 2024-11-18T08:39:55Z DEBUG Done configuring directory server (dirsrv). 2024-11-18T08:39:55Z DEBUG service duration: dirsrv 59.09 sec 2024-11-18T08:39:55Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/bin/keyctl', 'get_persistent', '@s', '0'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout=861881560 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG Enabling persistent keyring CCACHE 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=3 2024-11-18T08:39:55Z DEBUG stdout=inactive 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:39:55Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/bin/systemctl', 'stop', 'krb5kdc.service'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout= 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG Stop of krb5kdc.service complete 2024-11-18T08:39:55Z DEBUG Configuring Kerberos KDC (krb5kdc) 2024-11-18T08:39:55Z DEBUG [1/10]: adding kerberos container to the directory 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpleomgpk6', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout=add objectClass: krbContainer top add cn: kerberos adding new entry "cn=kerberos,dc=datalab,dc=novalocal" modify complete add cn: DATALAB.NOVALOCAL add objectClass: top krbrealmcontainer krbticketpolicyaux add krbSubTrees: dc=datalab,dc=novalocal add krbSearchScope: 2 add krbSupportedEncSaltTypes: aes256-cts:normal aes256-cts:special aes128-cts:normal aes128-cts:special aes128-sha2:normal aes128-sha2:special aes256-sha2:normal aes256-sha2:special camellia128-cts-cmac:normal camellia128-cts-cmac:special camellia256-cts-cmac:normal camellia256-cts-cmac:special add krbMaxTicketLife: 86400 add krbMaxRenewableAge: 604800 add krbDefaultEncSaltTypes: aes256-sha2:special aes128-sha2:special aes256-cts:special aes128-cts:special adding new entry "cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer krbPwdPolicy ipaPwdPolicy add krbMinPwdLife: 3600 add krbPwdMinDiffChars: 0 add krbPwdMinLength: 8 add krbPwdHistoryLength: 0 add krbMaxPwdLife: 7776000 add krbPwdMaxFailure: 6 add krbPwdFailureCountInterval: 60 add krbPwdLockoutDuration: 600 add passwordGraceLimit: -1 adding new entry "cn=global_policy,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:55Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:55Z DEBUG step duration: krb5kdc __add_krb_container 0.29 sec 2024-11-18T08:39:55Z DEBUG [2/10]: configuring KDC 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf' 2024-11-18T08:39:55Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/etc/krb5.conf' 2024-11-18T08:39:55Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/etc/krb5.conf.d/freeipa-server' 2024-11-18T08:39:55Z DEBUG -> Not backing up - '/etc/krb5.conf.d/freeipa-server' doesn't exist 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/etc/krb5.conf.d/freeipa' 2024-11-18T08:39:55Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini' 2024-11-18T08:39:55Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb5.ini' doesn't exist 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con' 2024-11-18T08:39:55Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb.con' doesn't exist 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con' 2024-11-18T08:39:55Z DEBUG -> Not backing up - '/usr/share/ipa/html/krbrealm.con' doesn't exist 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/usr/bin/klist', '-V'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout=Kerberos 5 version 1.18.2 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/etc/sysconfig/krb5kdc' 2024-11-18T08:39:55Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout= 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/sbin/restorecon', '/etc/sysconfig/krb5kdc'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout= 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG step duration: krb5kdc __configure_instance 0.08 sec 2024-11-18T08:39:55Z DEBUG [3/10]: initialize kerberos container 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['kdb5_util', 'create', '-s', '-r', 'DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:39:56Z DEBUG Process finished, return code=0 2024-11-18T08:39:56Z DEBUG stdout=Loading random data Initializing database '/var/kerberos/krb5kdc/principal' for realm 'DATALAB.NOVALOCAL', master key name 'K/M@DATALAB.NOVALOCAL' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: Re-enter KDC database master key to verify: 2024-11-18T08:39:56Z DEBUG stderr= 2024-11-18T08:39:56Z DEBUG step duration: krb5kdc __init_ipa_kdb 0.88 sec 2024-11-18T08:39:56Z DEBUG [4/10]: adding default ACIs 2024-11-18T08:39:56Z DEBUG Starting external process 2024-11-18T08:39:56Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpiyccz31e', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:57Z DEBUG Process finished, return code=0 2024-11-18T08:39:57Z DEBUG stdout=add aci: (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) modifying entry "dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) modifying entry "dc=datalab,dc=novalocal" modify complete add aci: (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) modifying entry "cn=etc,dc=datalab,dc=novalocal" modify complete add aci: (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) modifying entry "cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) modifying entry "cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) modifying entry "cn=services,cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) modifying entry "cn=services,cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) modifying entry "cn=computers,cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) modifying entry "cn=computers,cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) modifying entry "cn=computers,cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "member")(targetfilter = "(objectclass=ipaUserGroup)")(version 3.0; acl "Allow member managers to modify members of user groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";) modifying entry "cn=groups,cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "member")(targetfilter = "(objectclass=ipaHostGroup)")(version 3.0; acl "Allow member managers to modify members of host groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";) modifying entry "cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) modifying entry "cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) modifying entry "dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:57Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:57Z DEBUG step duration: krb5kdc __add_default_acis 0.33 sec 2024-11-18T08:39:57Z DEBUG [5/10]: creating a keytab for the directory 2024-11-18T08:39:57Z DEBUG Starting external process 2024-11-18T08:39:57Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:39:57Z DEBUG Process finished, return code=0 2024-11-18T08:39:57Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Principal "ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL" created. 2024-11-18T08:39:57Z DEBUG stderr=No policy specified for ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL; defaulting to no policy 2024-11-18T08:39:57Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:39:57Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:39:57Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab' 2024-11-18T08:39:57Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist 2024-11-18T08:39:57Z DEBUG Starting external process 2024-11-18T08:39:57Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/dirsrv/ds.keytab ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:39:58Z DEBUG Process finished, return code=0 2024-11-18T08:39:58Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Entry for principal ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. Entry for principal ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. Entry for principal ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha256-128 added to keytab WRFILE:/etc/dirsrv/ds.keytab. Entry for principal ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha384-192 added to keytab WRFILE:/etc/dirsrv/ds.keytab. Entry for principal ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. Entry for principal ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. 2024-11-18T08:39:58Z DEBUG stderr= 2024-11-18T08:39:58Z DEBUG step duration: krb5kdc __create_ds_keytab 1.43 sec 2024-11-18T08:39:58Z DEBUG [6/10]: creating a keytab for the machine 2024-11-18T08:39:58Z DEBUG Starting external process 2024-11-18T08:39:58Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:39:58Z DEBUG Process finished, return code=0 2024-11-18T08:39:58Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Principal "host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL" created. 2024-11-18T08:39:58Z DEBUG stderr=No policy specified for host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL; defaulting to no policy 2024-11-18T08:39:58Z DEBUG Backing up system configuration file '/etc/krb5.keytab' 2024-11-18T08:39:58Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:39:58Z DEBUG Starting external process 2024-11-18T08:39:58Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/krb5.keytab host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:39:59Z DEBUG Process finished, return code=0 2024-11-18T08:39:59Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Entry for principal host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. Entry for principal host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. Entry for principal host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha256-128 added to keytab WRFILE:/etc/krb5.keytab. Entry for principal host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha384-192 added to keytab WRFILE:/etc/krb5.keytab. Entry for principal host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. Entry for principal host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. 2024-11-18T08:39:59Z DEBUG stderr= 2024-11-18T08:39:59Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T08:39:59Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T08:39:59Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T08:39:59Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T08:39:59Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T08:39:59Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T08:39:59Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T08:39:59Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T08:40:00Z DEBUG Created connection context.ldap2_139840934383064 2024-11-18T08:40:00Z DEBUG raw: idrange_show('DATALAB.NOVALOCAL_id_range', version='2.251') 2024-11-18T08:40:00Z DEBUG idrange_show('DATALAB.NOVALOCAL_id_range', rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:40:00Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:40:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:40:01Z DEBUG Parsing update file '/usr/share/ipa/updates/20-ipaservers_hostgroup.update' 2024-11-18T08:40:01Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:40:01Z DEBUG --------------------------------------------- 2024-11-18T08:40:01Z DEBUG Initial value 2024-11-18T08:40:01Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:40:01Z DEBUG objectClass: 2024-11-18T08:40:01Z DEBUG top 2024-11-18T08:40:01Z DEBUG groupOfNames 2024-11-18T08:40:01Z DEBUG nestedGroup 2024-11-18T08:40:01Z DEBUG ipaobject 2024-11-18T08:40:01Z DEBUG ipahostgroup 2024-11-18T08:40:01Z DEBUG description: 2024-11-18T08:40:01Z DEBUG IPA server hosts 2024-11-18T08:40:01Z DEBUG cn: 2024-11-18T08:40:01Z DEBUG ipaservers 2024-11-18T08:40:01Z DEBUG ipaUniqueID: 2024-11-18T08:40:01Z DEBUG a9a40786-a588-11ef-ba0f-fa163e16e082 2024-11-18T08:40:01Z DEBUG --------------------------------------------- 2024-11-18T08:40:01Z DEBUG Final value after applying updates 2024-11-18T08:40:01Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:40:01Z DEBUG objectClass: 2024-11-18T08:40:01Z DEBUG top 2024-11-18T08:40:01Z DEBUG groupOfNames 2024-11-18T08:40:01Z DEBUG nestedGroup 2024-11-18T08:40:01Z DEBUG ipaobject 2024-11-18T08:40:01Z DEBUG ipahostgroup 2024-11-18T08:40:01Z DEBUG description: 2024-11-18T08:40:01Z DEBUG IPA server hosts 2024-11-18T08:40:01Z DEBUG cn: 2024-11-18T08:40:01Z DEBUG ipaservers 2024-11-18T08:40:01Z DEBUG ipaUniqueID: 2024-11-18T08:40:01Z DEBUG a9a40786-a588-11ef-ba0f-fa163e16e082 2024-11-18T08:40:01Z DEBUG [] 2024-11-18T08:40:01Z DEBUG Updated 0 2024-11-18T08:40:01Z DEBUG Done 2024-11-18T08:40:01Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:40:01Z DEBUG --------------------------------------------- 2024-11-18T08:40:01Z DEBUG Initial value 2024-11-18T08:40:01Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:40:01Z DEBUG objectClass: 2024-11-18T08:40:01Z DEBUG top 2024-11-18T08:40:01Z DEBUG groupOfNames 2024-11-18T08:40:01Z DEBUG nestedGroup 2024-11-18T08:40:01Z DEBUG ipaobject 2024-11-18T08:40:01Z DEBUG ipahostgroup 2024-11-18T08:40:01Z DEBUG description: 2024-11-18T08:40:01Z DEBUG IPA server hosts 2024-11-18T08:40:01Z DEBUG cn: 2024-11-18T08:40:01Z DEBUG ipaservers 2024-11-18T08:40:01Z DEBUG ipaUniqueID: 2024-11-18T08:40:01Z DEBUG a9a40786-a588-11ef-ba0f-fa163e16e082 2024-11-18T08:40:01Z DEBUG add: 'fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:40:01Z DEBUG add: updated value ['fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:40:01Z DEBUG --------------------------------------------- 2024-11-18T08:40:01Z DEBUG Final value after applying updates 2024-11-18T08:40:01Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:40:01Z DEBUG objectClass: 2024-11-18T08:40:01Z DEBUG top 2024-11-18T08:40:01Z DEBUG groupOfNames 2024-11-18T08:40:01Z DEBUG nestedGroup 2024-11-18T08:40:01Z DEBUG ipaobject 2024-11-18T08:40:01Z DEBUG ipahostgroup 2024-11-18T08:40:01Z DEBUG description: 2024-11-18T08:40:01Z DEBUG IPA server hosts 2024-11-18T08:40:01Z DEBUG cn: 2024-11-18T08:40:01Z DEBUG ipaservers 2024-11-18T08:40:01Z DEBUG ipaUniqueID: 2024-11-18T08:40:01Z DEBUG a9a40786-a588-11ef-ba0f-fa163e16e082 2024-11-18T08:40:01Z DEBUG member: 2024-11-18T08:40:01Z DEBUG fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:40:01Z DEBUG [(2, 'member', ['fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:40:01Z DEBUG Updated 1 2024-11-18T08:40:01Z DEBUG update_entry modlist [(2, 'member', [b'fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:40:01Z DEBUG Done 2024-11-18T08:40:01Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-ipaservers_hostgroup.update 0.017 sec 2024-11-18T08:40:01Z DEBUG Destroyed connection context.ldap2_139840934383064 2024-11-18T08:40:01Z DEBUG step duration: krb5kdc __create_host_keytab 2.81 sec 2024-11-18T08:40:01Z DEBUG [7/10]: adding the password extension to the directory 2024-11-18T08:40:01Z DEBUG Starting external process 2024-11-18T08:40:01Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmprh07x06z', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:40:01Z DEBUG Process finished, return code=0 2024-11-18T08:40:01Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_pwd_extop add nsslapd-pluginpath: libipa_pwd_extop add nsslapd-plugininitfunc: ipapwd_init add nsslapd-plugintype: extendedop add nsslapd-pluginbetxn: on add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_pwd_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Support saving passwords in multiple formats for different consumers (krb5, samba, freeradius, etc.) add nsslapd-plugin-depends-on-type: database add nsslapd-realmTree: dc=datalab,dc=novalocal adding new entry "cn=ipa_pwd_extop,cn=plugins,cn=config" modify complete 2024-11-18T08:40:01Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:40:01Z DEBUG step duration: krb5kdc __add_pwd_extop_module 0.28 sec 2024-11-18T08:40:01Z DEBUG [8/10]: creating anonymous principal 2024-11-18T08:40:01Z DEBUG Starting external process 2024-11-18T08:40:01Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey WELLKNOWN/ANONYMOUS@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:40:01Z DEBUG Process finished, return code=0 2024-11-18T08:40:01Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Principal "WELLKNOWN/ANONYMOUS@DATALAB.NOVALOCAL" created. 2024-11-18T08:40:01Z DEBUG stderr=No policy specified for WELLKNOWN/ANONYMOUS@DATALAB.NOVALOCAL; defaulting to no policy 2024-11-18T08:40:01Z DEBUG Starting external process 2024-11-18T08:40:01Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpyawapui7', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:40:02Z DEBUG Process finished, return code=0 2024-11-18T08:40:02Z DEBUG stdout=add objectclass: ipaAllowedOperations add aci: (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) add ipaAllowedToPerform;read_keys: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal modifying entry "krbPrincipalName=WELLKNOWN/ANONYMOUS@DATALAB.NOVALOCAL,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:40:02Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:40:02Z DEBUG step duration: krb5kdc add_anonymous_principal 0.65 sec 2024-11-18T08:40:02Z DEBUG [9/10]: starting the KDC 2024-11-18T08:40:02Z DEBUG Starting external process 2024-11-18T08:40:02Z DEBUG args=['/bin/systemctl', 'start', 'krb5kdc.service'] 2024-11-18T08:40:02Z DEBUG Process finished, return code=0 2024-11-18T08:40:02Z DEBUG stdout= 2024-11-18T08:40:02Z DEBUG stderr= 2024-11-18T08:40:02Z DEBUG Starting external process 2024-11-18T08:40:02Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] 2024-11-18T08:40:02Z DEBUG Process finished, return code=0 2024-11-18T08:40:02Z DEBUG stdout=active 2024-11-18T08:40:02Z DEBUG stderr= 2024-11-18T08:40:02Z DEBUG Start of krb5kdc.service complete 2024-11-18T08:40:02Z DEBUG step duration: krb5kdc __start_instance 0.40 sec 2024-11-18T08:40:02Z DEBUG [10/10]: configuring KDC to start on boot 2024-11-18T08:40:02Z DEBUG Starting external process 2024-11-18T08:40:02Z DEBUG args=['/bin/systemctl', 'is-enabled', 'krb5kdc.service'] 2024-11-18T08:40:02Z DEBUG Process finished, return code=1 2024-11-18T08:40:02Z DEBUG stdout=disabled 2024-11-18T08:40:02Z DEBUG stderr= 2024-11-18T08:40:02Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:02Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:02Z DEBUG Starting external process 2024-11-18T08:40:02Z DEBUG args=['/bin/systemctl', 'unmask', 'krb5kdc.service'] 2024-11-18T08:40:02Z DEBUG Process finished, return code=0 2024-11-18T08:40:02Z DEBUG stdout= 2024-11-18T08:40:02Z DEBUG stderr= 2024-11-18T08:40:02Z DEBUG Starting external process 2024-11-18T08:40:02Z DEBUG args=['/bin/systemctl', 'disable', 'krb5kdc.service'] 2024-11-18T08:40:03Z DEBUG Process finished, return code=0 2024-11-18T08:40:03Z DEBUG stdout= 2024-11-18T08:40:03Z DEBUG stderr= 2024-11-18T08:40:03Z DEBUG step duration: krb5kdc __enable 0.65 sec 2024-11-18T08:40:03Z DEBUG Done configuring Kerberos KDC (krb5kdc). 2024-11-18T08:40:03Z DEBUG service duration: krb5kdc 7.82 sec 2024-11-18T08:40:03Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:03Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:40:03Z DEBUG Configuring kadmin 2024-11-18T08:40:03Z DEBUG [1/2]: starting kadmin 2024-11-18T08:40:03Z DEBUG Starting external process 2024-11-18T08:40:03Z DEBUG args=['/bin/systemctl', 'is-active', 'kadmin.service'] 2024-11-18T08:40:03Z DEBUG Process finished, return code=3 2024-11-18T08:40:03Z DEBUG stdout=inactive 2024-11-18T08:40:03Z DEBUG stderr= 2024-11-18T08:40:03Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:03Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:03Z DEBUG Starting external process 2024-11-18T08:40:03Z DEBUG args=['/bin/systemctl', 'restart', 'kadmin.service'] 2024-11-18T08:40:03Z DEBUG Process finished, return code=0 2024-11-18T08:40:03Z DEBUG stdout= 2024-11-18T08:40:03Z DEBUG stderr= 2024-11-18T08:40:03Z DEBUG Starting external process 2024-11-18T08:40:03Z DEBUG args=['/bin/systemctl', 'is-active', 'kadmin.service'] 2024-11-18T08:40:03Z DEBUG Process finished, return code=0 2024-11-18T08:40:03Z DEBUG stdout=active 2024-11-18T08:40:03Z DEBUG stderr= 2024-11-18T08:40:03Z DEBUG Restart of kadmin.service complete 2024-11-18T08:40:03Z DEBUG step duration: kadmin __start 0.54 sec 2024-11-18T08:40:03Z DEBUG [2/2]: configuring kadmin to start on boot 2024-11-18T08:40:03Z DEBUG Starting external process 2024-11-18T08:40:03Z DEBUG args=['/bin/systemctl', 'is-enabled', 'kadmin.service'] 2024-11-18T08:40:03Z DEBUG Process finished, return code=1 2024-11-18T08:40:03Z DEBUG stdout=disabled 2024-11-18T08:40:03Z DEBUG stderr= 2024-11-18T08:40:03Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:03Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:03Z DEBUG Starting external process 2024-11-18T08:40:03Z DEBUG args=['/bin/systemctl', 'unmask', 'kadmin.service'] 2024-11-18T08:40:04Z DEBUG Process finished, return code=0 2024-11-18T08:40:04Z DEBUG stdout= 2024-11-18T08:40:04Z DEBUG stderr= 2024-11-18T08:40:04Z DEBUG Starting external process 2024-11-18T08:40:04Z DEBUG args=['/bin/systemctl', 'disable', 'kadmin.service'] 2024-11-18T08:40:04Z DEBUG Process finished, return code=0 2024-11-18T08:40:04Z DEBUG stdout= 2024-11-18T08:40:04Z DEBUG stderr= 2024-11-18T08:40:04Z DEBUG step duration: kadmin __enable 0.56 sec 2024-11-18T08:40:04Z DEBUG Done configuring kadmin. 2024-11-18T08:40:04Z DEBUG service duration: kadmin 1.11 sec 2024-11-18T08:40:04Z DEBUG Custodia client for '' with promotion no. 2024-11-18T08:40:04Z DEBUG Custodia uses LDAPI. 2024-11-18T08:40:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:04Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:40:04Z DEBUG Configuring ipa-custodia 2024-11-18T08:40:04Z DEBUG [1/5]: Making sure custodia container exists 2024-11-18T08:40:04Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T08:40:04Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T08:40:04Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T08:40:04Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T08:40:04Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T08:40:04Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T08:40:04Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T08:40:04Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T08:40:05Z DEBUG Created connection context.ldap2_139840943429448 2024-11-18T08:40:05Z DEBUG raw: idrange_show('DATALAB.NOVALOCAL_id_range', version='2.251') 2024-11-18T08:40:05Z DEBUG idrange_show('DATALAB.NOVALOCAL_id_range', rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:40:05Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:40:05Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:40:06Z DEBUG Parsing update file '/usr/share/ipa/updates/73-custodia.update' 2024-11-18T08:40:06Z DEBUG Updating existing entry: cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:40:06Z DEBUG --------------------------------------------- 2024-11-18T08:40:06Z DEBUG Initial value 2024-11-18T08:40:06Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:40:06Z DEBUG objectClass: 2024-11-18T08:40:06Z DEBUG nsContainer 2024-11-18T08:40:06Z DEBUG top 2024-11-18T08:40:06Z DEBUG cn: 2024-11-18T08:40:06Z DEBUG custodia 2024-11-18T08:40:06Z DEBUG --------------------------------------------- 2024-11-18T08:40:06Z DEBUG Final value after applying updates 2024-11-18T08:40:06Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:40:06Z DEBUG objectClass: 2024-11-18T08:40:06Z DEBUG nsContainer 2024-11-18T08:40:06Z DEBUG top 2024-11-18T08:40:06Z DEBUG cn: 2024-11-18T08:40:06Z DEBUG custodia 2024-11-18T08:40:06Z DEBUG [] 2024-11-18T08:40:06Z DEBUG Updated 0 2024-11-18T08:40:06Z DEBUG Done 2024-11-18T08:40:06Z DEBUG Updating existing entry: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:40:06Z DEBUG --------------------------------------------- 2024-11-18T08:40:06Z DEBUG Initial value 2024-11-18T08:40:06Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:40:06Z DEBUG objectClass: 2024-11-18T08:40:06Z DEBUG nsContainer 2024-11-18T08:40:06Z DEBUG top 2024-11-18T08:40:06Z DEBUG cn: 2024-11-18T08:40:06Z DEBUG dogtag 2024-11-18T08:40:06Z DEBUG --------------------------------------------- 2024-11-18T08:40:06Z DEBUG Final value after applying updates 2024-11-18T08:40:06Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:40:06Z DEBUG objectClass: 2024-11-18T08:40:06Z DEBUG nsContainer 2024-11-18T08:40:06Z DEBUG top 2024-11-18T08:40:06Z DEBUG cn: 2024-11-18T08:40:06Z DEBUG dogtag 2024-11-18T08:40:06Z DEBUG [] 2024-11-18T08:40:06Z DEBUG Updated 0 2024-11-18T08:40:06Z DEBUG Done 2024-11-18T08:40:06Z DEBUG LDAP update duration: /usr/share/ipa/updates/73-custodia.update 0.006 sec 2024-11-18T08:40:06Z DEBUG Destroyed connection context.ldap2_139840943429448 2024-11-18T08:40:06Z DEBUG step duration: ipa-custodia __create_container 1.76 sec 2024-11-18T08:40:06Z DEBUG [2/5]: Generating ipa-custodia config file 2024-11-18T08:40:06Z DEBUG step duration: ipa-custodia __config_file 0.00 sec 2024-11-18T08:40:06Z DEBUG [3/5]: Generating ipa-custodia keys 2024-11-18T08:40:07Z DEBUG step duration: ipa-custodia __gen_keys 1.17 sec 2024-11-18T08:40:07Z DEBUG [4/5]: starting ipa-custodia 2024-11-18T08:40:07Z DEBUG Starting external process 2024-11-18T08:40:07Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-custodia.service'] 2024-11-18T08:40:07Z DEBUG Process finished, return code=3 2024-11-18T08:40:07Z DEBUG stdout=inactive 2024-11-18T08:40:07Z DEBUG stderr= 2024-11-18T08:40:07Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:07Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:07Z DEBUG Starting external process 2024-11-18T08:40:07Z DEBUG args=['/bin/systemctl', 'restart', 'ipa-custodia.service'] 2024-11-18T08:40:08Z DEBUG Process finished, return code=0 2024-11-18T08:40:08Z DEBUG stdout= 2024-11-18T08:40:08Z DEBUG stderr= 2024-11-18T08:40:08Z DEBUG Starting external process 2024-11-18T08:40:08Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-custodia.service'] 2024-11-18T08:40:08Z DEBUG Process finished, return code=0 2024-11-18T08:40:08Z DEBUG stdout=active 2024-11-18T08:40:08Z DEBUG stderr= 2024-11-18T08:40:08Z DEBUG Restart of ipa-custodia.service complete 2024-11-18T08:40:08Z DEBUG step duration: ipa-custodia __start 0.78 sec 2024-11-18T08:40:08Z DEBUG [5/5]: configuring ipa-custodia to start on boot 2024-11-18T08:40:08Z DEBUG Starting external process 2024-11-18T08:40:08Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ipa-custodia.service'] 2024-11-18T08:40:08Z DEBUG Process finished, return code=1 2024-11-18T08:40:08Z DEBUG stdout=disabled 2024-11-18T08:40:08Z DEBUG stderr= 2024-11-18T08:40:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Starting external process 2024-11-18T08:40:08Z DEBUG args=['/bin/systemctl', 'unmask', 'ipa-custodia.service'] 2024-11-18T08:40:08Z DEBUG Process finished, return code=0 2024-11-18T08:40:08Z DEBUG stdout= 2024-11-18T08:40:08Z DEBUG stderr= 2024-11-18T08:40:08Z DEBUG Starting external process 2024-11-18T08:40:08Z DEBUG args=['/bin/systemctl', 'disable', 'ipa-custodia.service'] 2024-11-18T08:40:08Z DEBUG Process finished, return code=0 2024-11-18T08:40:08Z DEBUG stdout= 2024-11-18T08:40:08Z DEBUG stderr= 2024-11-18T08:40:08Z DEBUG step duration: ipa-custodia __enable 0.64 sec 2024-11-18T08:40:08Z DEBUG Done configuring ipa-custodia. 2024-11-18T08:40:08Z DEBUG service duration: ipa-custodia 4.35 sec 2024-11-18T08:40:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:40:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:40:08Z DEBUG update_entry modlist [(2, 'ipacertificatesubjectbase', [b'O=DATALAB.NOVALOCAL'])] 2024-11-18T08:40:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:40:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:40:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:40:08Z DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 2024-11-18T08:40:08Z DEBUG [1/29]: configuring certificate server instance 2024-11-18T08:40:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Contents of pkispawn configuration file (/tmp/tmp25trmma0): [CA] pki_admin_cert_file = /root/.dogtag/pki-tomcat/ca_admin.cert pki_admin_cert_request_type = pkcs10 pki_admin_dualkey = False pki_admin_email = root@localhost pki_admin_name = admin pki_admin_nickname = ipa-ca-agent pki_admin_password = XXXXXXXX pki_admin_subject_dn = cn=ipa-ca-agent,O=DATALAB.NOVALOCAL pki_admin_uid = admin pki_ajp_host_ipv4 = 127.0.0.1 pki_ajp_host_ipv6 = ::1 pki_ajp_secret = 7KfYN5T6MO5gLXLRds2PmGh1gwEjLIsGpksOLSGexuPW pki_audit_group = pkiaudit pki_audit_signing_key_algorithm = SHA256withRSA pki_audit_signing_key_size = 2048 pki_audit_signing_key_type = rsa pki_audit_signing_nickname = auditSigningCert cert-pki-ca pki_audit_signing_signing_algorithm = SHA256withRSA pki_audit_signing_subject_dn = cn=CA Audit,O=DATALAB.NOVALOCAL pki_audit_signing_token = internal pki_backup_keys = True pki_backup_password = XXXXXXXX pki_ca_hostname = devbo01.datalab.novalocal pki_ca_port = 443 pki_ca_signing_cert_path = /etc/pki/pki-tomcat/external_ca.cert pki_ca_signing_csr_path = /root/ipa.csr pki_ca_signing_key_algorithm = SHA256withRSA pki_ca_signing_key_size = 3072 pki_ca_signing_key_type = rsa pki_ca_signing_nickname = caSigningCert cert-pki-ca pki_ca_signing_record_create = True pki_ca_signing_serial_number = 1 pki_ca_signing_signing_algorithm = SHA256withRSA pki_ca_signing_subject_dn = CN=Certificate Authority,O=DATALAB.NOVALOCAL pki_ca_signing_token = internal pki_ca_starting_crl_number = 0 pki_cert_chain_nickname = caSigningCert External CA pki_cert_chain_path = /etc/pki/pki-tomcat/external_ca_chain.cert pki_client_admin_cert_p12 = /root/ca-agent.p12 pki_client_database_password = pki_client_database_purge = True pki_client_dir = /root/.dogtag/pki-tomcat pki_client_pkcs12_password = XXXXXXXX pki_configuration_path = /etc/pki pki_default_ocsp_uri = http://ipa-ca.datalab.novalocal/ca/ocsp pki_dns_domainname = datalab.novalocal pki_ds_base_dn = o=ipaca pki_ds_bind_dn = cn=Directory Manager pki_ds_database = ipaca pki_ds_hostname = devbo01.datalab.novalocal pki_ds_ldap_port = 389 pki_ds_ldaps_port = 636 pki_ds_password = XXXXXXXX pki_ds_remove_data = True pki_ds_secure_connection = False pki_ds_secure_connection_ca_nickname = Directory Server CA certificate pki_ds_secure_connection_ca_pem_file = /etc/ipa/ca.crt pki_enable_proxy = True pki_existing = False pki_external = False pki_external_pkcs12_password = pki_external_pkcs12_path = pki_external_step_two = False pki_group = pkiuser pki_hostname = devbo01.datalab.novalocal pki_hsm_enable = False pki_hsm_libfile = pki_hsm_modulename = pki_import_admin_cert = False pki_instance_configuration_path = /etc/pki/pki-tomcat pki_instance_name = pki-tomcat pki_issuing_ca = https://devbo01.datalab.novalocal:443 pki_issuing_ca_hostname = devbo01.datalab.novalocal pki_issuing_ca_https_port = 443 pki_issuing_ca_uri = https://devbo01.datalab.novalocal:443 pki_master_crl_enable = True pki_ocsp_signing_key_algorithm = SHA256withRSA pki_ocsp_signing_key_size = 2048 pki_ocsp_signing_key_type = rsa pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca pki_ocsp_signing_signing_algorithm = SHA256withRSA pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=DATALAB.NOVALOCAL pki_ocsp_signing_token = internal pki_pkcs12_password = pki_pkcs12_path = pki_profiles_in_ldap = True pki_random_serial_numbers_enable = False pki_replica_number_range_end = 100 pki_replica_number_range_start = 1 pki_replication_password = pki_request_number_range_end = 10000000 pki_request_number_range_start = 1 pki_restart_configured_instance = False pki_san_for_server_cert = pki_san_inject = False pki_security_domain_hostname = devbo01.datalab.novalocal pki_security_domain_https_port = 443 pki_security_domain_name = IPA pki_security_domain_password = XXXXXXXX pki_security_domain_user = admin pki_self_signed_token = internal pki_serial_number_range_end = 10000000 pki_serial_number_range_start = 1 pki_server_database_password = XXXXXXXX pki_share_db = False pki_skip_configuration = False pki_skip_ds_verify = False pki_skip_installation = False pki_skip_sd_verify = False pki_sslserver_key_algorithm = SHA256withRSA pki_sslserver_key_size = 2048 pki_sslserver_key_type = rsa pki_sslserver_nickname = Server-Cert cert-pki-ca pki_sslserver_subject_dn = cn=devbo01.datalab.novalocal,O=DATALAB.NOVALOCAL pki_sslserver_token = internal pki_status_request_timeout = 15 pki_subordinate = False pki_subordinate_create_new_security_domain = False pki_subsystem = CA pki_subsystem_key_algorithm = SHA256withRSA pki_subsystem_key_size = 2048 pki_subsystem_key_type = rsa pki_subsystem_nickname = subsystemCert cert-pki-ca pki_subsystem_subject_dn = cn=CA Subsystem,O=DATALAB.NOVALOCAL pki_subsystem_token = internal pki_subsystem_type = ca pki_theme_enable = True pki_theme_server_dir = /usr/share/pki/common-ui pki_token_name = internal pki_user = pkiuser 2024-11-18T08:40:08Z DEBUG Starting external process 2024-11-18T08:40:08Z DEBUG args=['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp25trmma0', '--debug'] 2024-11-18T08:42:09Z DEBUG Process finished, return code=0 2024-11-18T08:42:09Z DEBUG stdout=--------------- Export complete --------------- Loading deployment configuration from /tmp/tmp25trmma0. Installation log: /var/log/pki/pki-ca-spawn.20241118094009.log Installing CA into /var/lib/pki/pki-tomcat. ========================================================================== INSTALLATION SUMMARY ========================================================================== Administrator's username: admin Administrator's PKCS #12 file: /root/ca-agent.p12 To check the status of the subsystem: systemctl status pki-tomcatd@pki-tomcat.service To restart the subsystem: systemctl restart pki-tomcatd@pki-tomcat.service The URL for the subsystem is: https://devbo01.datalab.novalocal:8443/ca PKI instances will be enabled upon system boot ========================================================================== 2024-11-18T08:42:09Z DEBUG stderr=INFO: Connecting to LDAP server at ldap://devbo01.datalab.novalocal:389 INFO: Connecting to LDAP server at ldap://devbo01.datalab.novalocal:389 INFO: BEGIN spawning CA subsystem in pki-tomcat instance INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Setting up pkiuser group INFO: Reusing existing pkiuser group with GID 17 INFO: Setting up pkiuser user INFO: Reusing existing pkiuser user with UID 17 DEBUG: Retrieving UID for 'pkiuser' DEBUG: UID of 'pkiuser' is 17 DEBUG: Retrieving GID for 'pkiuser' DEBUG: GID of 'pkiuser' is 17 INFO: Initialization INFO: Setting up infrastructure INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat DEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat DEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca DEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca DEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat/ca DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg DEBUG: Command: cp -p /usr/share/pki/server/etc/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg DEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg DEBUG: Command: touch /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg DEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg INFO: Creating /var/lib/pki/pki-tomcat DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat INFO: Creating /var/lib/pki/pki-tomcat/ca DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/ca DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca INFO: Preparing pki-tomcat instance INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Creating /etc/pki/pki-tomcat DEBUG: Command: mkdir /etc/pki/pki-tomcat INFO: Creating /etc/pki/pki-tomcat/password.conf INFO: Using specified server NSS database password INFO: Using specified internal database password INFO: Generating random replication manager password INFO: Creating /var/log/pki/pki-tomcat DEBUG: Command: mkdir -p /var/log/pki/pki-tomcat DEBUG: Command: chmod 770 /var/log/pki/pki-tomcat DEBUG: Command: chown 17:17 /var/log/pki/pki-tomcat INFO: Creating /etc/pki/pki-tomcat/tomcat.conf DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf INFO: Creating /etc/pki/pki-tomcat/server.xml DEBUG: Command: cp /usr/share/pki/server/conf/server.xml /etc/pki/pki-tomcat/server.xml INFO: Creating /etc/pki/pki-tomcat/catalina.properties DEBUG: Command: ln -s /usr/share/pki/server/conf/catalina.properties /etc/pki/pki-tomcat/catalina.properties INFO: Creating /etc/pki/pki-tomcat/context.xml DEBUG: Command: ln -s /etc/tomcat/context.xml /etc/pki/pki-tomcat/context.xml INFO: Creating /etc/pki/pki-tomcat/logging.properties DEBUG: Command: ln -s /usr/share/pki/server/conf/logging.properties /etc/pki/pki-tomcat/logging.properties INFO: Creating /etc/sysconfig/pki-tomcat DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/sysconfig/pki-tomcat INFO: Creating /etc/pki/pki-tomcat/tomcat.conf DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf INFO: Creating /etc/pki/pki-tomcat/web.xml DEBUG: Command: ln -s /etc/tomcat/web.xml /etc/pki/pki-tomcat/web.xml INFO: Creating /etc/pki/pki-tomcat/Catalina DEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost DEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina/localhost INFO: Deploying ROOT web application INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml INFO: Deploying /pki web application INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/pki.xml INFO: Creating /var/lib/pki/pki-tomcat/lib DEBUG: Command: ln -s /usr/share/pki/server/lib /var/lib/pki/pki-tomcat/lib INFO: Creating /var/lib/pki/pki-tomcat/common DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/common INFO: Creating /var/lib/pki/pki-tomcat/common/lib DEBUG: Command: ln -s /usr/share/pki/server/common/lib /var/lib/pki/pki-tomcat/common/lib INFO: Creating /var/lib/pki/pki-tomcat/temp DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/temp DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/temp DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/temp INFO: Creating /var/lib/pki/pki-tomcat/work DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca INFO: Creating /var/lib/pki/pki-tomcat/bin DEBUG: Command: ln -s /usr/share/tomcat/bin /var/lib/pki/pki-tomcat/bin DEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/bin INFO: Creating /var/lib/pki/pki-tomcat/pki-tomcat DEBUG: Command: ln -s /usr/sbin/tomcat /var/lib/pki/pki-tomcat/pki-tomcat DEBUG: Command: chown -h 0:0 /var/lib/pki/pki-tomcat/pki-tomcat DEBUG: Command: systemctl daemon-reload INFO: Creating /var/lib/pki/pki-tomcat/conf DEBUG: Command: ln -s /etc/pki/pki-tomcat /var/lib/pki/pki-tomcat/conf DEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/conf INFO: Creating /var/lib/pki/pki-tomcat/logs DEBUG: Command: ln -s /var/log/pki/pki-tomcat /var/lib/pki/pki-tomcat/logs DEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/logs INFO: Creating /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service DEBUG: Command: ln -s /lib/systemd/system/pki-tomcatd@.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service DEBUG: Command: chown -h 17:17 /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: Command: cp /usr/share/pki/setup/pkidaemon_registry /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat INFO: Creating CA subsystem INFO: Creating /var/log/pki/pki-tomcat/ca DEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca INFO: Creating /var/log/pki/pki-tomcat/ca/archive DEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/archive INFO: Creating /var/log/pki/pki-tomcat/ca/signedAudit DEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/signedAudit INFO: Creating /etc/pki/pki-tomcat/ca DEBUG: Command: mkdir /etc/pki/pki-tomcat/ca INFO: Creating /etc/pki/pki-tomcat/ca/CS.cfg DEBUG: Command: cp /usr/share/pki/ca/conf/CS.cfg /etc/pki/pki-tomcat/ca/CS.cfg INFO: Creating /etc/pki/pki-tomcat/ca/registry.cfg DEBUG: Command: cp /usr/share/pki/ca/conf/registry.cfg /etc/pki/pki-tomcat/ca/registry.cfg INFO: Creating /var/lib/pki/pki-tomcat/ca/emails DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/emails DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJob /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJob DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJobItem /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJobItem DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA /var/lib/pki/pki-tomcat/ca/emails/certIssued_CA DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA.html /var/lib/pki/pki-tomcat/ca/emails/certIssued_CA.html DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA.html /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA.html DEBUG: Command: cp /usr/share/pki/ca/emails/certRequestRejected.html /var/lib/pki/pki-tomcat/ca/emails/certRequestRejected.html DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA.html DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA.html DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1.html /var/lib/pki/pki-tomcat/ca/emails/euJob1.html DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1Item.html /var/lib/pki/pki-tomcat/ca/emails/euJob1Item.html DEBUG: Command: cp /usr/share/pki/ca/emails/publishCerts.html /var/lib/pki/pki-tomcat/ca/emails/publishCerts.html DEBUG: Command: cp /usr/share/pki/ca/emails/publishCertsItem.html /var/lib/pki/pki-tomcat/ca/emails/publishCertsItem.html DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA.html DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA.html DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Item.html /var/lib/pki/pki-tomcat/ca/emails/riq1Item.html DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Summary.html /var/lib/pki/pki-tomcat/ca/emails/riq1Summary.html DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1.txt DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Item.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Item.txt DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Summary.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Summary.txt INFO: Creating /var/lib/pki/pki-tomcat/ca/profiles/ca DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles/ca DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/DomainController.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/DomainController.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/ECAdminCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/acmeServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAdminCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentFileSigning.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAuditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAuditSigningCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCACert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECserverCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECsubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCauditSigningCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCcaCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraStorageCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraTransportCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCocspCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCserverCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCsubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCrossSignedCACert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirBasedDualCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirPinUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualRAuserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAdminCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAgentServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirPinUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDualCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserSignedCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCertWithSCT.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSimpleCMCUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncECUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCSharedTokenCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserSignedCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caIPAserviceCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInstallCACert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthOCSPCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthSubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthTransportCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caManualRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOCSPCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOtherCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOtherCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRACert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRARouterCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAagentCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAserverCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRouterCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSSLClientSelfRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCertWithSCT.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_DirUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_UserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningECUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSimpleCMCUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caStorageCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTPSCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTPSCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenMSLoginEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTransportCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUUIDdeviceCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserSMIMEcapCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/AdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/AdminCert.cfg INFO: Creating /etc/pki/pki-tomcat/ca/flatfile.txt DEBUG: Command: cp /usr/share/pki/ca/conf/flatfile.txt /etc/pki/pki-tomcat/ca/flatfile.txt INFO: Creating /etc/pki/pki-tomcat/ca/adminCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/rsaAdminCert.profile /etc/pki/pki-tomcat/ca/adminCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/caAuditSigningCert.profile /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/caCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/caCert.profile /etc/pki/pki-tomcat/ca/caCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/caOCSPCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/caOCSPCert.profile /etc/pki/pki-tomcat/ca/caOCSPCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/serverCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/rsaServerCert.profile /etc/pki/pki-tomcat/ca/serverCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/subsystemCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/rsaSubsystemCert.profile /etc/pki/pki-tomcat/ca/subsystemCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/proxy.conf DEBUG: Command: cp /usr/share/pki/ca/conf/proxy.conf /etc/pki/pki-tomcat/ca/proxy.conf INFO: Creating /var/lib/pki/pki-tomcat/ca/conf DEBUG: Command: ln -s /etc/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/conf INFO: Creating /var/lib/pki/pki-tomcat/ca/logs DEBUG: Command: ln -s /var/log/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/logs INFO: Creating /var/lib/pki/pki-tomcat/ca/registry DEBUG: Command: ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/ca/registry INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser DEBUG: get_subsystem_cert INFO: Getting signing cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting ocsp_signing cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting sslserver cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting subsystem cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting audit_signing cert info from CS.cfg INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Deploying /ca web application INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser INFO: Creating /var/lib/pki/pki-tomcat/ca/webapps DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/ca/webapps DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca/webapps DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca/webapps INFO: Setting up ownerships, permissions, and ACLs on /var/lib/pki/pki-tomcat/ca/webapps INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser INFO: Creating password file: /etc/pki/pki-tomcat/pfile INFO: Updating /etc/pki/pki-tomcat/password.conf DEBUG: Command: chmod 660 /etc/pki/pki-tomcat/password.conf DEBUG: Command: chown 17:17 /etc/pki/pki-tomcat/password.conf INFO: Creating /etc/pki/pki-tomcat/alias DEBUG: Command: mkdir /etc/pki/pki-tomcat/alias INFO: Creating NSS database: /etc/pki/pki-tomcat/alias DEBUG: Command: certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile DEBUG: Command: ln -s /etc/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/alias DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/ca/alias INFO: Removing /etc/pki/pki-tomcat/pfile DEBUG: Command: rm -f /etc/pki/pki-tomcat/pfile DEBUG: get_subsystem_cert INFO: Getting signing cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting ocsp_signing cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting sslserver cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting subsystem cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting audit_signing cert info from CS.cfg INFO: Injecting SAN: False INFO: SSL server cert SAN: INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Creating /root/.dogtag/pki-tomcat/ca DEBUG: Command: mkdir -p /root/.dogtag/pki-tomcat/ca DEBUG: Command: chmod 755 /root/.dogtag/pki-tomcat/ca DEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca INFO: Creating password file: /root/.dogtag/pki-tomcat/ca/password.conf INFO: Updating /root/.dogtag/pki-tomcat/ca/password.conf DEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/password.conf DEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca/password.conf INFO: Storing PKCS #12 password in /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf INFO: Updating /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf DEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf DEBUG: Command: chown 17:17 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf DEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca/alias DEBUG: Command: certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf INFO: Creating SELinux contexts INFO: Generating system keys INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser INFO: Fapolicy folder not found. Rule configuration skipped INFO: Configuring subsystem INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Checking existing SSL server cert: Server-Cert cert-pki-ca DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpv_m9_ewe/password.txt -n Server-Cert cert-pki-ca -a DEBUG: Cert not found: Server-Cert cert-pki-ca INFO: Creating temp SSL server cert for devbo01.datalab.novalocal DEBUG: Command: openssl rand -out /tmp/tmpbwd62m7q/noise 2048 DEBUG: Command: certutil -R -d /etc/pki/pki-tomcat/alias -k rsa -g 2048 -z /tmp/tmpbwd62m7q/noise -f /tmp/tmpbwd62m7q/password.txt -s cn=devbo01.datalab.novalocal,o=2024-11-18 09:40:09 -o /tmp/tmpbwd62m7q/request.bin DEBUG: Command: certutil -C -d /etc/pki/pki-tomcat/alias -x -f /tmp/tmpfu_wd3si/password.txt -a -i /tmp/tmpvucbrwts/sslserver.csr -o /tmp/tmpvucbrwts/sslserver.crt -m 0 -v 12 DEBUG: NSSDatabase.add_cert(Server-Cert cert-pki-ca) DEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmpfu_wd3si/internal_password.txt -n Server-Cert cert-pki-ca -a -i /tmp/tmpvucbrwts/sslserver.crt -t CTu,CTu,CTu Notice: Trust flag u is set automatically if the private key is present. INFO: Creating new security domain INFO: Using CA at https://devbo01.datalab.novalocal:443 INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Removing existing database DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-remove --force --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Removing database ipaca FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Validating database ownership INFO: Validating database ipaca is owned by o=ipaca INFO: Deleting mapping entry cn="o=ipaca",cn=mapping tree, cn=config INFO: Deleting cn="o=ipaca",cn=mapping tree, cn=config INFO: Entry not found: cn="o=ipaca",cn=mapping tree, cn=config INFO: Deleting database entry cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Deleting cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Entry not found: cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Initializing database INFO: - internaldb.ldapconn.port: 389 INFO: - internaldb.ldapconn.secureConn: false INFO: - pki_clone_replication_security: None INFO: - pki_clone_replication_clone_port: INFO: - pki_clone_replication_master_port: INFO: - replication_security: None DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-init --setup-schema --create-database --create-base --create-containers --replication-security None --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Initializing database ipaca for o=ipaca FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Initialize database INFO: Importing /usr/share/pki/server/conf/database.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-4658281675813943930.ldif INFO: Replacing nsslapd-maxbersize in cn=config INFO: Replacing nsslapd-pluginenabled in cn=USN,cn=plugins,cn=config INFO: Adding ou=csusers,cn=config INFO: Setting up PKI schema INFO: Importing /usr/share/pki/server/conf/schema.ldif INFO: Adding attributetypes: ( usertype-oid NAME 'usertype' DESC 'Distinguish whether the user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( userstate-oid NAME 'userstate' DESC 'Distinguish whether the user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( cmsuser-oid NAME 'cmsuser' DESC 'CMS User' SUP top STRUCTURAL MUST usertype MAY userstate X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( archivedBy-oid NAME 'archivedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( adminMessages-oid NAME 'adminMessages' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( algorithm-oid NAME 'algorithm' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( algorithmId-oid NAME 'algorithmId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( signingAlgorithmId-oid NAME 'signingAlgorithmId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( autoRenew-oid NAME 'autoRenew' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( certStatus-oid NAME 'certStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( crlName-oid NAME 'crlName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( crlSize-oid NAME 'crlSize' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( deltaSize-oid NAME 'deltaSize' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( crlNumber-oid NAME 'crlNumber' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( deltaNumber-oid NAME 'deltaNumber' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( firstUnsaved-oid NAME 'firstUnsaved' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( crlCache-oid NAME 'crlCache' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( revokedCerts-oid NAME 'revokedCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( unrevokedCerts-oid NAME 'unrevokedCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( expiredCerts-oid NAME 'expiredCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( crlExtensions-oid NAME 'crlExtensions' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfArchival-oid NAME 'dateOfArchival' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfRecovery-oid NAME 'dateOfRecovery' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfRevocation-oid NAME 'dateOfRevocation' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( duration-oid NAME 'duration' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( extension-oid NAME 'extension' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( issuedBy-oid NAME 'issuedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( issueInfo-oid NAME 'issueInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( issuerName-oid NAME 'issuerName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( keySize-oid NAME 'keySize' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( clientId-oid NAME 'clientId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dataType-oid NAME 'dataType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( status-oid NAME 'status' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( keyState-oid NAME 'keyState' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( metaInfo-oid NAME 'metaInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( nextUpdate-oid NAME 'nextUpdate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( notAfter-oid NAME 'notAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( notBefore-oid NAME 'notBefore' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( ownerName-oid NAME 'ownerName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( password-oid NAME 'password' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( p12Expiration-oid NAME 'p12Expiration' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( proofOfArchival-oid NAME 'proofOfArchival' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( publicKeyData-oid NAME 'publicKeyData' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( publicKeyFormat-oid NAME 'publicKeyFormat' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( privateKeyData-oid NAME 'privateKeyData' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestId-oid NAME 'requestId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestInfo-oid NAME 'requestInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestState-oid NAME 'requestState' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestResult-oid NAME 'requestResult' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestOwner-oid NAME 'requestOwner' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestAgentGroup-oid NAME 'requestAgentGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestSourceId-oid NAME 'requestSourceId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestType-oid NAME 'requestType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestFlag-oid NAME 'requestFlag' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestError-oid NAME 'requestError' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( resourceACLS-oid NAME 'resourceACLS' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( revInfo-oid NAME 'revInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( revokedBy-oid NAME 'revokedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( revokedOn-oid NAME 'revokedOn' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( serialno-oid NAME 'serialno' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( nextRange-oid NAME 'nextRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( publishingStatus-oid NAME 'publishingStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( beginRange-oid NAME 'beginRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( endRange-oid NAME 'endRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( subjectName-oid NAME 'subjectName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( sessionContext-oid NAME 'sessionContext' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( thisUpdate-oid NAME 'thisUpdate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( transId-oid NAME 'transId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( transStatus-oid NAME 'transStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( transName-oid NAME 'transName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( transOps-oid NAME 'transOps' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( userDN-oid NAME 'userDN' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( userMessages-oid NAME 'userMessages' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( version-oid NAME 'version' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( SecureEEClientAuthPort-oid NAME 'SecureEEClientAuthPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( cmsUserGroup-oid NAME 'cmsUserGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( realm-oid NAME 'realm' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( repository-oid NAME 'repository' DESC 'CMS defined class' SUP top STRUCTURAL MUST ou MAY ( serialno $ description $ nextRange $ publishingStatus ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( request-oid NAME 'request' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( requestId $ dateOfCreate $ dateOfModify $ requestState $ requestResult $ requestOwner $ requestAgentGroup $ requestSourceId $ requestType $ requestFlag $ requestError $ userMessages $ adminMessages $ realm ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( transaction-oid NAME 'transaction' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( transId $ description $ transName $ transStatus $ transOps ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( crlIssuingPointRecord-oid NAME 'crlIssuingPointRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ crlNumber $ crlSize $ thisUpdate $ nextUpdate $ deltaNumber $ deltaSize $ firstUnsaved $ certificateRevocationList $ deltaRevocationList $ crlCache $ revokedCerts $ unrevokedCerts $ expiredCerts $ cACertificate ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( certificateRecord-oid NAME 'certificateRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ certStatus $ autoRenew $ issueInfo $ metaInfo $ revInfo $ version $ duration $ notAfter $ notBefore $ algorithmId $ subjectName $ signingAlgorithmId $ userCertificate $ issuedBy $ revokedBy $ revokedOn $ extension $ publicKeyData $ issuerName ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( userDetails-oid NAME 'userDetails' DESC 'CMS defined class' SUP top STRUCTURAL MUST userDN MAY ( dateOfCreate $ dateOfModify $ password $ p12Expiration ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( keyRecord-oid NAME 'keyRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ keyState $ privateKeyData $ ownerName $ keySize $ metaInfo $ dateOfArchival $ dateOfRecovery $ algorithm $ publicKeyFormat $ publicKeyData $ archivedBy $ clientId $ dataType $ status $ realm ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( ou $ name ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $SecureEEClientAuthPort $ UnSecurePort ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ beginRange $ endRange $ Host $ SecurePort ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( securityDomainSessionEntry-oid NAME 'securityDomainSessionEntry' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ host $ uid $ cmsUserGroup $ dateOfCreate ) X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( modified-oid NAME 'modified' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenUserID-oid NAME 'tokenUserID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenStatus-oid NAME 'tokenStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenAppletID-oid NAME 'tokenAppletID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( keyInfo-oid NAME 'keyInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( numberOfResets-oid NAME 'numberOfResets' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( numberOfEnrollments-oid NAME 'numberOfEnrollments' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( numberOfRenewals-oid NAME 'numberOfRenewals' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( numberOfRecoveries-oid NAME 'numberOfRecoveries' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( allowPinReset-oid NAME 'allowPinReset' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( extensions-oid NAME 'extensions' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenOp-oid NAME 'tokenOp' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenID-oid NAME 'tokenID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenMsg-oid NAME 'tokenMsg' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenResult-oid NAME 'tokenResult' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenIP-oid NAME 'tokenIP' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenPolicy-oid NAME 'tokenPolicy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenIssuer-oid NAME 'tokenIssuer' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenSubject-oid NAME 'tokenSubject' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenSerial-oid NAME 'tokenSerial' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenOrigin-oid NAME 'tokenOrigin' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenType-oid NAME 'tokenType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenKeyType-oid NAME 'tokenKeyType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenReason-oid NAME 'tokenReason' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenNotBefore-oid NAME 'tokenNotBefore' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenNotAfter-oid NAME 'tokenNotAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( profileID-oid NAME 'profileID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( tokenRecord-oid NAME 'tokenRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ modified $ tokenReason $ tokenUserID $ tokenStatus $ tokenAppletID $ keyInfo $ tokenPolicy $ extensions $ numberOfResets $ numberOfEnrollments $ numberOfRenewals $ numberOfRecoveries $ userCertificate $ tokenType ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( tokenActivity-oid NAME 'tokenActivity' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ tokenOp $ tokenIP $ tokenResult $ tokenID $ tokenUserID $ tokenMsg $ extensions $ tokenType ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( tokenCert-oid NAME 'tokenCert' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ userCertificate $ tokenUserID $ tokenID $ tokenIssuer $ tokenOrigin $ tokenSubject $ tokenSerial $ tokenStatus $ tokenType $ tokenKeyType $ tokenNotBefore $ tokenNotAfter $ extensions ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( tpsProfileID-oid NAME 'tpsProfileID' DESC 'CMS defined class' SUP top AUXILIARY MAY ( profileID ) X-ORIGIN 'user-defined' ) INFO: Adding attributetypes: ( classId-oid NAME 'classId' DESC 'Certificate profile class ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( certProfileConfig-oid NAME 'certProfileConfig' DESC 'Certificate profile configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( certProfile-oid NAME 'certProfile' DESC 'Certificate profile' SUP top STRUCTURAL MUST cn MAY ( classId $ certProfileConfig ) X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityID-oid NAME 'authorityID' DESC 'Authority ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityKeyNickname-oid NAME 'authorityKeyNickname' DESC 'Authority key nickname' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user-defined' ) INFO: Adding attributetypes: ( authorityParentID-oid NAME 'authorityParentID' DESC 'Authority Parent ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityEnabled-oid NAME 'authorityEnabled' DESC 'Authority Enabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityDN-oid NAME 'authorityDN' DESC 'Authority DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authoritySerial-oid NAME 'authoritySerial' DESC 'Authority certificate serial number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityParentDN-oid NAME 'authorityParentDN' DESC 'Authority Parent DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityKeyHost-oid NAME 'authorityKeyHost' DESC 'Authority Key Hosts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( authority-oid NAME 'authority' DESC 'Certificate Authority' SUP top STRUCTURAL MUST ( cn $ authorityID $ authorityKeyNickname $ authorityEnabled $ authorityDN ) MAY ( authoritySerial $ authorityParentID $ authorityParentDN $ authorityKeyHost $ description ) X-ORIGIN 'user defined' ) INFO: Adding cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn="o=ipaca",cn=mapping tree, cn=config INFO: Adding o=ipaca INFO: Creating container entries INFO: Importing /usr/share/pki/ca/conf/db.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-4093365199607036145.ldif INFO: Adding ou=people,o=ipaca INFO: Adding ou=groups,o=ipaca INFO: Adding cn=Certificate Manager Agents,ou=groups,o=ipaca INFO: Adding cn=Registration Manager Agents,ou=groups,o=ipaca INFO: Adding cn=Subsystem Group, ou=groups, o=ipaca INFO: Adding cn=Trusted Managers,ou=groups,o=ipaca INFO: Adding cn=Administrators,ou=groups,o=ipaca INFO: Adding cn=Auditors,ou=groups,o=ipaca INFO: Adding cn=ClonedSubsystems,ou=groups,o=ipaca INFO: Adding cn=Security Domain Administrators,ou=groups,o=ipaca INFO: Adding cn=Enterprise CA Administrators,ou=groups,o=ipaca INFO: Adding cn=Enterprise KRA Administrators,ou=groups,o=ipaca INFO: Adding cn=Enterprise OCSP Administrators,ou=groups,o=ipaca INFO: Adding cn=Enterprise TKS Administrators,ou=groups,o=ipaca INFO: Adding cn=Enterprise RA Administrators,ou=groups,o=ipaca INFO: Adding cn=Enterprise TPS Administrators,ou=groups,o=ipaca INFO: Adding ou=requests,o=ipaca INFO: Adding cn=crossCerts,o=ipaca INFO: Adding ou=ca,o=ipaca INFO: Adding ou=certificateRepository,ou=ca,o=ipaca INFO: Adding ou=crlIssuingPoints,ou=ca,o=ipaca INFO: Adding ou=ca, ou=requests,o=ipaca INFO: Adding ou=replica,o=ipaca INFO: Adding ou=ranges,o=ipaca INFO: Adding ou=replica, ou=ranges,o=ipaca INFO: Adding ou=requests, ou=ranges,o=ipaca INFO: Adding ou=certificateRepository, ou=ranges,o=ipaca INFO: Adding ou=certificateProfiles,ou=ca,o=ipaca INFO: Adding ou=authorities,ou=ca,o=ipaca INFO: Setting up ACL INFO: Importing /usr/share/pki/ca/conf/acl.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-5464105497159943645.ldif INFO: Adding cn=aclResources,o=ipaca INFO: Creating indexes INFO: Importing /usr/share/pki/ca/conf/index.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-2819783330691481717.ldif INFO: Adding cn=revokedby,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=issuedby,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=publicKeyData,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=clientId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=dataType,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=status,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=description,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=serialno,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=metaInfo,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=certstatus,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=requestid,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=requesttype,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=requeststate,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=requestowner,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=notbefore,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=notafter,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=duration,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=dateOfCreate,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=revokedOn,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=archivedBy,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=ownername,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=issuername,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=subjectname,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=requestsourceid,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=revInfo,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=extension,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeExpires,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeAccountId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeStatus,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeAuthorizationId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeIdentifier,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeCertificateId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeAuthorizationWildcard,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Setting up database manager INFO: Importing /usr/share/pki/server/conf/manager.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-4595629558900667895.ldif INFO: Adding aci into o=ipaca INFO: Adding aci into cn=ldbm database,cn=plugins,cn=config INFO: Adding aci into cn=config INFO: Adding aci into ou=csusers,cn=config INFO: Adding aci into cn="o=ipaca",cn=mapping tree,cn=config INFO: Adding aci into cn="o=ipaca",cn=mapping tree,cn=config INFO: Adding aci into cn="o=ipaca",cn=mapping tree,cn=config INFO: Adding aci into cn=tasks,cn=config DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-add --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Add VLVs INFO: Importing /usr/share/pki/ca/conf/vlv.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-7525507011930366810.ldif INFO: Adding cn=allCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allInvalidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allInValidCertsNotBefore-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allNonRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedOrRevokedExpiredCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedOrRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidOrRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caAll-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceled-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caComplete-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPending-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejected-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allCerts-pki-tomcatIndex, cn=allCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allExpiredCerts-pki-tomcatIndex, cn=allExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allInvalidCerts-pki-tomcatIndex, cn=allInvalidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allInValidCertsNotBefore-pki-tomcatIndex, cn=allInValidCertsNotBefore-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allNonRevokedCerts-pki-tomcatIndex, cn=allNonRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCaCerts-pki-tomcatIndex, cn=allRevokedCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCerts-pki-tomcatIndex, cn=allRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCertsNotAfter-pki-tomcatIndex, cn=allRevokedCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedExpiredCerts-pki-tomcatIndex, cn=allRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedOrRevokedExpiredCaCerts-pki-tomcatIndex, cn=allRevokedOrRevokedExpiredCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedOrRevokedExpiredCerts-pki-tomcatIndex, cn=allRevokedOrRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidCerts-pki-tomcatIndex, cn=allValidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidCertsNotAfter-pki-tomcatIndex, cn=allValidCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidOrRevokedCerts-pki-tomcatIndex, cn=allValidOrRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caAll-pki-tomcatIndex, cn=caAll-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceled-pki-tomcatIndex, cn=caCanceled-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledEnrollment-pki-tomcatIndex, cn=caCanceledEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledRenewal-pki-tomcatIndex, cn=caCanceledRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledRevocation-pki-tomcatIndex, cn=caCanceledRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caComplete-pki-tomcatIndex, cn=caComplete-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteEnrollment-pki-tomcatIndex, cn=caCompleteEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteRenewal-pki-tomcatIndex, cn=caCompleteRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteRevocation-pki-tomcatIndex, cn=caCompleteRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caEnrollment-pki-tomcatIndex, cn=caEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPending-pki-tomcatIndex, cn=caPending-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingEnrollment-pki-tomcatIndex, cn=caPendingEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingRenewal-pki-tomcatIndex, cn=caPendingRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingRevocation-pki-tomcatIndex, cn=caPendingRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejected-pki-tomcatIndex, cn=caRejected-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedEnrollment-pki-tomcatIndex, cn=caRejectedEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedRenewal-pki-tomcatIndex, cn=caRejectedRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedRevocation-pki-tomcatIndex, cn=caRejectedRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRenewal-pki-tomcatIndex, cn=caRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRevocation-pki-tomcatIndex, cn=caRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-reindex --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Reindex VLVs INFO: Importing /usr/share/pki/ca/conf/vlvtasks.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-7783496527539635442.ldif INFO: Adding cn=index1160589769, cn=index, cn=tasks, cn=config INFO: Waiting for task cn=index1160589769, cn=index, cn=tasks, cn=config (1s) INFO: Getting cn=index1160589769, cn=index, cn=tasks, cn=config INFO: Task cn=index1160589769, cn=index, cn=tasks, cn=config complete INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-profile-import --input-folder /usr/share/pki/ca/profiles/ca --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading /var/lib/pki/pki-tomcat/conf/ca/registry.cfg INFO: PluginRegistry: Loading plugin registry from /var/lib/pki/pki-tomcat/conf/ca/registry.cfg FINE: PluginRegistry: profile: FINE: PluginRegistry: - caEnrollImpl FINE: PluginRegistry: Added plugin profile caEnrollImpl Generic Certificate Enrollment Profile Certificate Authority Generic Certificate Enrollment Profile com.netscape.cms.profile.common.CAEnrollProfile FINE: PluginRegistry: - caCACertEnrollImpl FINE: PluginRegistry: Added plugin profile caCACertEnrollImpl CA Certificate Enrollment Profile Certificate Authority CA Certificate Enrollment Profile com.netscape.cms.profile.common.CACertCAEnrollProfile FINE: PluginRegistry: - caServerCertEnrollImpl FINE: PluginRegistry: Added plugin profile caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate Authority Server Certificate Enrollment Profile com.netscape.cms.profile.common.ServerCertCAEnrollProfile FINE: PluginRegistry: - caUserCertEnrollImpl FINE: PluginRegistry: Added plugin profile caUserCertEnrollImpl User Certificate Enrollment Profile Certificate Authority User Certificate Enrollment Profile com.netscape.cms.profile.common.UserCertCAEnrollProfile FINE: PluginRegistry: defaultPolicy: FINE: PluginRegistry: - noDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy noDefaultImpl No Default No Default com.netscape.cms.profile.def.NoDefault FINE: PluginRegistry: - genericExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy genericExtDefaultImpl Generic Extension Generic Extension com.netscape.cms.profile.def.GenericExtDefault FINE: PluginRegistry: - autoAssignDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy autoAssignDefaultImpl Auto Request Assignment Default Auto Request Assignment Default com.netscape.cms.profile.def.AutoAssignDefault FINE: PluginRegistry: - subjectNameDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy subjectNameDefaultImpl Subject Name Default Subject Name Default com.netscape.cms.profile.def.SubjectNameDefault FINE: PluginRegistry: - validityDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy validityDefaultImpl Validity Default Validty Default com.netscape.cms.profile.def.ValidityDefault FINE: PluginRegistry: - randomizedValidityDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy randomizedValidityDefaultImpl Randomized Validity Default Randomized Validity Default com.netscape.cms.profile.def.RandomizedValidityDefault FINE: PluginRegistry: - caValidityDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy caValidityDefaultImpl CA Certificate Validity Default CA Certificate Validty Default com.netscape.cms.profile.def.CAValidityDefault FINE: PluginRegistry: - subjectKeyIdentifierExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy subjectKeyIdentifierExtDefaultImpl Subject Key Identifier Default Subject Key Identifier Default com.netscape.cms.profile.def.SubjectKeyIdentifierExtDefault FINE: PluginRegistry: - authorityKeyIdentifierExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy authorityKeyIdentifierExtDefaultImpl Authority Key Identifier Extension Default Authority Key Identifier Extension Default com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault FINE: PluginRegistry: - basicConstraintsExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy basicConstraintsExtDefaultImpl Basic Constraints Extension Default Basic Constraints Extension Default com.netscape.cms.profile.def.BasicConstraintsExtDefault FINE: PluginRegistry: - keyUsageExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy keyUsageExtDefaultImpl Key Usage Extension Default Key Usage Extension Default com.netscape.cms.profile.def.KeyUsageExtDefault FINE: PluginRegistry: - nsCertTypeExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy nsCertTypeExtDefaultImpl Netscape Certificate Type Extension Default Netscape Certificate Type Extension Default com.netscape.cms.profile.def.NSCertTypeExtDefault FINE: PluginRegistry: - extendedKeyUsageExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy extendedKeyUsageExtDefaultImpl Extended Key Usage Extension Default Extended Key Usage Extension Default com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault FINE: PluginRegistry: - ocspNoCheckExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy ocspNoCheckExtDefaultImpl OCSP No Check Extension Default OCSP No Check Extension Default com.netscape.cms.profile.def.OCSPNoCheckExtDefault FINE: PluginRegistry: - issuerAltNameExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy issuerAltNameExtDefaultImpl Issuer Alternative Name Extension Default Issuer Alternative Name Extension Default com.netscape.cms.profile.def.IssuerAltNameExtDefault FINE: PluginRegistry: - subjectAltNameExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy subjectAltNameExtDefaultImpl Subject Alternative Name Extension Default Subject Alternative Name Extension Default com.netscape.cms.profile.def.SubjectAltNameExtDefault FINE: PluginRegistry: - userSubjectNameDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy userSubjectNameDefaultImpl User Supplied Subject Name Default User Supplied Subject Name Default com.netscape.cms.profile.def.UserSubjectNameDefault FINE: PluginRegistry: - cmcUserSignedSubjectNameDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy cmcUserSignedSubjectNameDefaultImpl CMC User Signed Subject Name Default CMC User Signed Subject Name Default com.netscape.cms.profile.def.CMCUserSignedSubjectNameDefault FINE: PluginRegistry: - signingAlgDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy signingAlgDefaultImpl Signing Algorithm Default Signing Algorithm Default com.netscape.cms.profile.def.SigningAlgDefault FINE: PluginRegistry: - userKeyDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy userKeyDefaultImpl User Supplied Key Default User Supplied Key Default com.netscape.cms.profile.def.UserKeyDefault FINE: PluginRegistry: - userValidityDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy userValidityDefaultImpl User Supplied Validity Default User Supplied Validity Default com.netscape.cms.profile.def.UserValidityDefault FINE: PluginRegistry: - userExtensionDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy userExtensionDefaultImpl User Supplied Extension Default User Supplied Extension Default com.netscape.cms.profile.def.UserExtensionDefault FINE: PluginRegistry: - userSigningAlgDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy userSigningAlgDefaultImpl User Supplied Signing Alg Default User Supplied Signing Alg Default com.netscape.cms.profile.def.UserSigningAlgDefault FINE: PluginRegistry: - authTokenSubjectNameDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy authTokenSubjectNameDefaultImpl Token Supplied Subject Name Default Token Supplied Subject Name Default com.netscape.cms.profile.def.AuthTokenSubjectNameDefault FINE: PluginRegistry: - subjectInfoAccessExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy subjectInfoAccessExtDefaultImpl Subject Info Access Extension Default Subject Info Access Extension Default com.netscape.cms.profile.def.SubjectInfoAccessExtDefault FINE: PluginRegistry: - authInfoAccessExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy authInfoAccessExtDefaultImpl Authority Info Access Extension Default Authority Info Access Extension Default com.netscape.cms.profile.def.AuthInfoAccessExtDefault FINE: PluginRegistry: - nscCommentExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy nscCommentExtDefaultImpl Netscape Comment Extension Default Netscape Comment Extension Default com.netscape.cms.profile.def.NSCCommentExtDefault FINE: PluginRegistry: - freshestCRLExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy freshestCRLExtDefaultImpl Freshest CRL Extension Default Freshest CRL Extension Default com.netscape.cms.profile.def.FreshestCRLExtDefault FINE: PluginRegistry: - crlDistributionPointsExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy crlDistributionPointsExtDefaultImpl CRL Distribution Points Extension Default CRL Distribution Points Extension Default com.netscape.cms.profile.def.CRLDistributionPointsExtDefault FINE: PluginRegistry: - policyConstraintsExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy policyConstraintsExtDefaultImpl Policy Constraints Extension Default Policy Constraints Extension Default com.netscape.cms.profile.def.PolicyConstraintsExtDefault FINE: PluginRegistry: - policyMappingsExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy policyMappingsExtDefaultImpl Policy Mappings Extension Default Policy Mappings Extension Default com.netscape.cms.profile.def.PolicyMappingsExtDefault FINE: PluginRegistry: - nameConstraintsExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy nameConstraintsExtDefaultImpl Name Constraints Extension Default Name Constraints Extension Default com.netscape.cms.profile.def.NameConstraintsExtDefault FINE: PluginRegistry: - certificateVersionDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy certificateVersionDefaultImpl Certificate Version Default Certificate Version Default com.netscape.cms.profile.def.CertificateVersionDefault FINE: PluginRegistry: - certificatePoliciesExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy certificatePoliciesExtDefaultImpl Certificate Policies Extension Default Certificate Policies Extension Default com.netscape.cms.profile.def.CertificatePoliciesExtDefault FINE: PluginRegistry: - subjectDirAttributesExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy subjectDirAttributesExtDefaultImpl Subject Directory Attributes Extension Default Subject Directory Attributes Extension Default com.netscape.cms.profile.def.SubjectDirAttributesExtDefault FINE: PluginRegistry: - privateKeyPeriodExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy privateKeyPeriodExtDefaultImpl Private Key Period Ext Default Private Key Period Ext Default com.netscape.cms.profile.def.PrivateKeyUsagePeriodExtDefault FINE: PluginRegistry: - inhibitAnyPolicyExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy inhibitAnyPolicyExtDefaultImpl Inhibit Any-Policy Extension Default Inhibit Any-Policy Extension Default com.netscape.cms.profile.def.InhibitAnyPolicyExtDefault FINE: PluginRegistry: - imageDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy imageDefaultImpl Image Default Image Default com.netscape.cms.profile.def.ImageDefault FINE: PluginRegistry: - nsTokenDeviceKeySubjectNameDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy nsTokenDeviceKeySubjectNameDefaultImpl nsTokenDeviceKeySubjectNameDefault nsTokenDeviceKeySubjectNameDefaultImpl com.netscape.cms.profile.def.nsTokenDeviceKeySubjectNameDefault FINE: PluginRegistry: - nsTokenUserKeySubjectNameDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy nsTokenUserKeySubjectNameDefaultImpl nsTokenUserKeySubjectNameDefault nsTokenUserKeySubjectNameDefaultImpl com.netscape.cms.profile.def.nsTokenUserKeySubjectNameDefault FINE: PluginRegistry: - authzRealmDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy authzRealmDefaultImpl Authz Realm Default Authz Realm Default com.netscape.cms.profile.def.AuthzRealmDefault FINE: PluginRegistry: - commonNameToSANDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy commonNameToSANDefaultImpl Copy Common Name to Subject Alternative Name Copy Common Name to Subject Alternative Name com.netscape.cms.profile.def.CommonNameToSANDefault FINE: PluginRegistry: - SignedCertificateTimestampListExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy SignedCertificateTimestampListExtDefaultImpl Certificate Transparency Timestamp List Extension Default Certificate Transparency Timestamp List Extension Default com.netscape.cms.profile.def.SignedCertificateTimestampListExtDefault FINE: PluginRegistry: - sanToCNDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy sanToCNDefaultImpl SAN to CN Default SAN to CN Default com.netscape.cms.profile.def.SANToCNDefault FINE: PluginRegistry: - serverKeygenUserKeyDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy serverKeygenUserKeyDefaultImpl Server-Side Keygen Default Server-Side Keygen Default com.netscape.cms.profile.def.ServerKeygenUserKeyDefault FINE: PluginRegistry: constraintPolicy: FINE: PluginRegistry: - noConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy noConstraintImpl No Constraint No Constraint com.netscape.cms.profile.constraint.NoConstraint FINE: PluginRegistry: - subjectNameConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy subjectNameConstraintImpl Subject Name Constraint Subject Name Constraint com.netscape.cms.profile.constraint.SubjectNameConstraint FINE: PluginRegistry: - uniqueSubjectNameConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy uniqueSubjectNameConstraintImpl Unique Subject Name Constraint Unique Subject Name Constraint com.netscape.cms.profile.constraint.UniqueSubjectNameConstraint FINE: PluginRegistry: - userSubjectNameConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy userSubjectNameConstraintImpl User Subject Name Constraint User Subject Name Constraint com.netscape.cms.profile.constraint.UserSubjectNameConstraint FINE: PluginRegistry: - cmcSharedTokenSubjectNameConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy cmcSharedTokenSubjectNameConstraintImpl CMC Shared Token request User Subject Name Constraint CMC Shared Token request User Subject Name Constraint com.netscape.cms.profile.constraint.CMCSharedTokenSubjectNameConstraint FINE: PluginRegistry: - cmcUserSignedSubjectNameConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy cmcUserSignedSubjectNameConstraintImpl CMC User-Signed request User Subject Name Constraint CMC User-Signed request User Subject Name Constraint com.netscape.cms.profile.constraint.CMCUserSignedSubjectNameConstraint FINE: PluginRegistry: - caValidityConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy caValidityConstraintImpl CA Validity Constraint CA Validity Constraint com.netscape.cms.profile.constraint.CAValidityConstraint FINE: PluginRegistry: - validityConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy validityConstraintImpl Validity Constraint Validity Constraint com.netscape.cms.profile.constraint.ValidityConstraint FINE: PluginRegistry: - keyUsageExtConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy keyUsageExtConstraintImpl Key Usage Extension Constraint Key Usage Extension Constraint com.netscape.cms.profile.constraint.KeyUsageExtConstraint FINE: PluginRegistry: - nsCertTypeExtConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy nsCertTypeExtConstraintImpl Netscape Certificate Type Extension Constraint Netscape Certificate Type Extension Constraint com.netscape.cms.profile.constraint.NSCertTypeExtConstraint FINE: PluginRegistry: - extendedKeyUsageExtConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy extendedKeyUsageExtConstraintImpl Extended Key Usage Extension Constraint Extended Key Usage Extension Constraint com.netscape.cms.profile.constraint.ExtendedKeyUsageExtConstraint FINE: PluginRegistry: - keyConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy keyConstraintImpl Key Constraint Key Constraint com.netscape.cms.profile.constraint.KeyConstraint FINE: PluginRegistry: - basicConstraintsExtConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy basicConstraintsExtConstraintImpl Basic Constraints Extension Constraint Basic Constraints Extension Constraint com.netscape.cms.profile.constraint.BasicConstraintsExtConstraint FINE: PluginRegistry: - extensionConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy extensionConstraintImpl Extension Constraint Extension Constraint com.netscape.cms.profile.constraint.ExtensionConstraint FINE: PluginRegistry: - signingAlgConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy signingAlgConstraintImpl Signing Algorithm Constraint Signing Algorithm Constraint com.netscape.cms.profile.constraint.SigningAlgConstraint FINE: PluginRegistry: - uniqueKeyConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy uniqueKeyConstraintImpl Unique Public Key Constraint Unique Public Key Constraint com.netscape.cms.profile.constraint.UniqueKeyConstraint FINE: PluginRegistry: - renewGracePeriodConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy renewGracePeriodConstraintImpl Renewal Grace Period Constraint Renewal Grace Period Constraint com.netscape.cms.profile.constraint.RenewGracePeriodConstraint FINE: PluginRegistry: - authzRealmConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy authzRealmConstraintImpl Authz Realm Constraint Authz Realm Constraint com.netscape.cms.profile.constraint.AuthzRealmConstraint FINE: PluginRegistry: - externalProcessConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy externalProcessConstraintImpl External Process Constraint External Process Constraint com.netscape.cms.profile.constraint.ExternalProcessConstraint FINE: PluginRegistry: profileInput: FINE: PluginRegistry: - cmcCertReqInputImpl FINE: PluginRegistry: Added plugin profileInput cmcCertReqInputImpl CMC Certificate Request Input CMC Certificate Request Input com.netscape.cms.profile.input.CMCCertReqInput FINE: PluginRegistry: - certReqInputImpl FINE: PluginRegistry: Added plugin profileInput certReqInputImpl Certificate Request Input Certificate Request Input com.netscape.cms.profile.input.CertReqInput FINE: PluginRegistry: - keyGenInputImpl FINE: PluginRegistry: Added plugin profileInput keyGenInputImpl Key Generation Input Key Generation Input com.netscape.cms.profile.input.KeyGenInput FINE: PluginRegistry: - encKeyGenInputImpl FINE: PluginRegistry: Added plugin profileInput encKeyGenInputImpl Encryption Key Generation Input Encryption Key Generation Input com.netscape.cms.profile.input.EncryptionKeyGenInput FINE: PluginRegistry: - signKeyGenInputImpl FINE: PluginRegistry: Added plugin profileInput signKeyGenInputImpl Encryption Key Generation Input Encryption Key Generation Input com.netscape.cms.profile.input.SigningKeyGenInput FINE: PluginRegistry: - dualKeyGenInputImpl FINE: PluginRegistry: Added plugin profileInput dualKeyGenInputImpl Dual Key Generation Input Dual Key Generation Input com.netscape.cms.profile.input.DualKeyGenInput FINE: PluginRegistry: - subjectNameInputImpl FINE: PluginRegistry: Added plugin profileInput subjectNameInputImpl Subject Name Input Subject Name Input com.netscape.cms.profile.input.SubjectNameInput FINE: PluginRegistry: - submitterInfoInputImpl FINE: PluginRegistry: Added plugin profileInput submitterInfoInputImpl Submitter Information Input Submitter Information Input com.netscape.cms.profile.input.SubmitterInfoInput FINE: PluginRegistry: - genericInputImpl FINE: PluginRegistry: Added plugin profileInput genericInputImpl Generic Input Generic Input com.netscape.cms.profile.input.GenericInput FINE: PluginRegistry: - fileSigningInputImpl FINE: PluginRegistry: Added plugin profileInput fileSigningInputImpl File Signing Input File Signing Input com.netscape.cms.profile.input.FileSigningInput FINE: PluginRegistry: - imageInputImpl FINE: PluginRegistry: Added plugin profileInput imageInputImpl Image Input Image Input com.netscape.cms.profile.input.ImageInput FINE: PluginRegistry: - subjectDNInputImpl FINE: PluginRegistry: Added plugin profileInput subjectDNInputImpl Subject DN Input Subject DN Input com.netscape.cms.profile.input.SubjectDNInput FINE: PluginRegistry: - nsNKeyCertReqInputImpl FINE: PluginRegistry: Added plugin profileInput nsNKeyCertReqInputImpl nsNKeyCertReqInputImpl nsNKeyCertReqInputImpl com.netscape.cms.profile.input.nsNKeyCertReqInput FINE: PluginRegistry: - nsHKeyCertReqInputImpl FINE: PluginRegistry: Added plugin profileInput nsHKeyCertReqInputImpl nsHKeyCertReqInputImpl nsHKeyCertReqInputImpl com.netscape.cms.profile.input.nsHKeyCertReqInput FINE: PluginRegistry: - serialNumRenewInputImpl FINE: PluginRegistry: Added plugin profileInput serialNumRenewInputImpl Certificate Renewal Request Serial Number Input Certificate Renewal Request Serial Number Input com.netscape.cms.profile.input.SerialNumRenewInput FINE: PluginRegistry: - subjectAltNameExtInputImpl FINE: PluginRegistry: Added plugin profileInput subjectAltNameExtInputImpl SAN Input SAN Input com.netscape.cms.profile.input.SubjectAltNameExtInput FINE: PluginRegistry: - serverKeygenInputImpl FINE: PluginRegistry: Added plugin profileInput serverKeygenInputImpl Server-Side Keygen Input Server-Side Keygen Input com.netscape.cms.profile.input.ServerKeygenInput FINE: PluginRegistry: profileOutput: FINE: PluginRegistry: - certOutputImpl FINE: PluginRegistry: Added plugin profileOutput certOutputImpl Certificate Output Certificate Output com.netscape.cms.profile.output.CertOutput FINE: PluginRegistry: - cmmfOutputImpl FINE: PluginRegistry: Added plugin profileOutput cmmfOutputImpl CMMF Response Output CMMF Response Output com.netscape.cms.profile.output.CMMFOutput FINE: PluginRegistry: - pkcs7OutputImpl FINE: PluginRegistry: Added plugin profileOutput pkcs7OutputImpl PKCS7 Output PKCS7 Output com.netscape.cms.profile.output.PKCS7Output FINE: PluginRegistry: - nsNKeyOutputImpl FINE: PluginRegistry: Added plugin profileOutput nsNKeyOutputImpl nsNKeyOutputImpl nsNKeyOutputImpl com.netscape.cms.profile.output.nsNKeyOutput FINE: PluginRegistry: - pkcs12OutputImpl FINE: PluginRegistry: Added plugin profileOutput pkcs12OutputImpl PKCS12 Output PKCS12 Output com.netscape.cms.profile.output.PKCS12Output FINE: PluginRegistry: profileUpdater: FINE: PluginRegistry: - subsystemGroupUpdaterImpl FINE: PluginRegistry: Added plugin profileUpdater subsystemGroupUpdaterImpl Updater for Subsystem Group Updater for Subsystem Group com.netscape.cms.profile.updater.SubsystemGroupUpdater FINE: RegistrySubsystem: startup FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Importing profiles into LDAP INFO: Importing /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caDualCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/AdminCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTPSCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caRouterCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caServerCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECServerCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caOtherCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCACert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caRACert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caStorageCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTransportCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caAdminCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/DomainController.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caAuditSigningCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg INFO: Enabling CA subsystem INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ca.xml INFO: Starting PKI server DEBUG: Command: systemctl start pki-tomcatd@pki-tomcat.service INFO: Waiting for PKI server to start INFO: Waiting for PKI server to start (1s) INFO: PKI server started INFO: Waiting for CA subsystem INFO: Subsystem status: running DEBUG: PKIDeployer.setup_system_certs() DEBUG: get_subsystem_cert INFO: Getting signing cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting signing cert info from NSS database DEBUG: NSSDatabase.get_cert_info(caSigningCert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(caSigningCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp2cxa070e/password.txt -n caSigningCert cert-pki-ca -a DEBUG: Cert not found: caSigningCert cert-pki-ca DEBUG: get_subsystem_cert INFO: Getting ocsp_signing cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting ocsp_signing cert info from NSS database DEBUG: NSSDatabase.get_cert_info(ocspSigningCert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(ocspSigningCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpqh4pjd30/password.txt -n ocspSigningCert cert-pki-ca -a DEBUG: Cert not found: ocspSigningCert cert-pki-ca DEBUG: get_subsystem_cert INFO: Getting sslserver cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting sslserver cert info from NSS database DEBUG: NSSDatabase.get_cert_info(Server-Cert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmplnloas9_/password.txt -n Server-Cert cert-pki-ca -a DEBUG: certutil returned cert data DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) ends DEBUG: NSSDatabase.get_trust(Server-Cert cert-pki-ca) DEBUG: fullname: Server-Cert cert-pki-ca DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp49jpqhsh/password.txt DEBUG: NSSDatabase.get_cert_info(Server-Cert cert-pki-ca) ends DEBUG: get_subsystem_cert INFO: Getting subsystem cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting subsystem cert info from NSS database DEBUG: NSSDatabase.get_cert_info(subsystemCert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp6fezrqh1/password.txt -n subsystemCert cert-pki-ca -a DEBUG: Cert not found: subsystemCert cert-pki-ca DEBUG: get_subsystem_cert INFO: Getting audit_signing cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting audit_signing cert info from NSS database DEBUG: NSSDatabase.get_cert_info(auditSigningCert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(auditSigningCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpviuw12uy/password.txt -n auditSigningCert cert-pki-ca -a DEBUG: Cert not found: auditSigningCert cert-pki-ca DEBUG: PKIDeployer.setup_cert() DEBUG: NSSDatabase.get_cert(caSigningCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmps1ho9fqw/password.txt -n caSigningCert cert-pki-ca -a DEBUG: Cert not found: caSigningCert cert-pki-ca DEBUG: returned from nssdb.get_cert INFO: Setting up signing certificate /usr/lib/python3.6/site-packages/urllib3/connection.py:376: SubjectAltNameWarning: Certificate for devbo01.datalab.novalocal has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning INFO: Storing signing certificate DEBUG: - cert: MIIEnTCCAwWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDEwOVoXDTQ0MTExODA4NDEwOVowPDEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL4EApiwdHeBEKhDIzETZevWL0CC9CCtpwQI01B8Bs313EruFVeLrR4/13wupTarPRsN/S9iDcHgrNYA7wIlI5hcjDId1E3lyRurgTZk1FnOmUKCt+XHzWb4k1v4Dv6fO3empihMbUsBeq9R9wUPHmBYCObrXxijjHgNfyHAwUX6nwaHfYwEBHUAauF+40ejo9DbmTqRu8eESbxSfXMVr0m4hke172hCDnBmdHy7O1yuyi+pZ0B+z2Jl/vuWmtP3zJ2UNc+zpOq9sCaa7s5i/RGIf2j180vuCBs6AqWzqQyYmwpqo9RY2R9brvFG/4sEuCLcFrwp2bZzqkx+qdIVJ8qX7ydKLjlvA2iY3tLiR+KEIuBrOLCPDSvlhM+AyFaPJ0WOHZkrb07bUv9dqrpLsA6OO5Vutps+dL2lOYqZf+PIAKblPna4uV+f0zoZF3KzxuMnlBHjPsGkEkP3ZoTi31GI0GDZkimZjrcAVyI9H9lfPCMb8U6ei96pk5zfsEpOQQIDAQABo4GpMIGmMB8GA1UdIwQYMBaAFMfCnEU6OfOa86Atfiwtb+SLq541MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBDBggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxhYi5ub3ZhbG9jYWwvY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAqFcAqTsTKFhLqyZyLcbHivWAtgYC6vhfsNV2QmpDyPdnj2vlQNsV2nGHmnZxC16b4cVbAlIHF8kCp3X86NOy2SfQXww9iv4kXRyO1YBrX1Ie5BKA7AUA6YS3euD13eMGC6iLDTskjvPOQSktOivPpw+gMj7kfK5FL2WE8Kh9YCadLTmY9pSp9CyLEM2s9MS7rSAcRf3bRYkrSNPlKgFppwk/RncA9Wy71FSmraHKl1psMoa5022vTiHL4EOddCiS7RC5ZEHyFn2AMTAlPmUo4qEYudcVfA+TyUctYQgfVPDX8WTWvyWeX1exs+VINgL+zq8b3WFAV0pMBIgBr+aPx9lNZyEnpopL6qC3mJgKM7bxVF3aEv7pkGPt5s3e2j1ahwIa/X9WRbwB6bTCTs7NpbRYMxEeVIUCgSphCwxtLeUMkhwygbJmx/H2GzqStBRRRlOndcEXgnXMQTbdhqo2ftUcEZCkwCFGXIQ0WYaiQ1LuocnxlTN8fpVCKDiTi2JT DEBUG: - request: MIIDszCCAhsCAQAwPDEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL4EApiwdHeBEKhDIzETZevWL0CC9CCtpwQI01B8Bs313EruFVeLrR4/13wupTarPRsN/S9iDcHgrNYA7wIlI5hcjDId1E3lyRurgTZk1FnOmUKCt+XHzWb4k1v4Dv6fO3empihMbUsBeq9R9wUPHmBYCObrXxijjHgNfyHAwUX6nwaHfYwEBHUAauF+40ejo9DbmTqRu8eESbxSfXMVr0m4hke172hCDnBmdHy7O1yuyi+pZ0B+z2Jl/vuWmtP3zJ2UNc+zpOq9sCaa7s5i/RGIf2j180vuCBs6AqWzqQyYmwpqo9RY2R9brvFG/4sEuCLcFrwp2bZzqkx+qdIVJ8qX7ydKLjlvA2iY3tLiR+KEIuBrOLCPDSvlhM+AyFaPJ0WOHZkrb07bUv9dqrpLsA6OO5Vutps+dL2lOYqZf+PIAKblPna4uV+f0zoZF3KzxuMnlBHjPsGkEkP3ZoTi31GI0GDZkimZjrcAVyI9H9lfPCMb8U6ei96pk5zfsEpOQQIDAQABoDIwMAYJKoZIhvcNAQkOMSMwITAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQsFAAOCAYEARCKyhmcRSOHKW7a52EpYOu66S4YV98L2OD4oAk2W2CbcG8kec/G0JxrdNC/GtklDvqa9GGf5BSl9C+2OVSSt6upT11sau/rPcDCGlcUHysMB8g+UFzh4xsk8sdRIa1SUvnA73EYQ84+yuspM4loJi24jTYaxggyT/PdnWVbSBaYNAyWq+uns50XfUC+NmyHukAwonlRWdc5ija7Ejn5NS1nE8EV+ZbHa9OzG2EQlFCfTO21iyqaEPVhds2fM4KkcPjlufqXV9gYDl0I4u3AJBP0HXsIGp0X6ISC5mgHFmcSFpPOq8iVQH4bMbNYvJ+eOWn3T+7VD5P7IjH96euMQpMj6Oasap6zcD8uEviEXQikl4Pc/SIBja0GsqvhJ0wtDdBDGo4FDP4e6rmOnhPvH2UkDkpDDRVra6X7AAGL8+dAGH/sTBjW8AojFp4fkVrooP0FJhTFdOj8W9FNID8ZNjk56dobBqW0fNz8fxZLHu1rJH6ResWLOUiW9gWfIaelJ DEBUG: PKIDeployer.setup_cert() DEBUG: NSSDatabase.get_cert(ocspSigningCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpynboal7m/password.txt -n ocspSigningCert cert-pki-ca -a DEBUG: Cert not found: ocspSigningCert cert-pki-ca DEBUG: returned from nssdb.get_cert INFO: Setting up ocsp_signing certificate INFO: Storing ocsp_signing certificate DEBUG: - cert: MIID/DCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExMFoXDTI2MTEwODA4NDExMFowNTEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFzAVBgNVBAMMDk9DU1AgU3Vic3lzdGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryKsXl44KNjobzq5qn10Bk0hZm2rL/FUKLBUtjaNyoaCl8xXrjh87JLzSY5S24qUtx+G6aywMiVrWQ4A95bhLHf+mmWhXwfeDeUtHU3a0LxhZ6SyqFqKaqu0Q/+L4SvvLfHxSkHGfZIJPIyrH3SEeJ6FVr5i421ZyuNmqyk2UyCeZt8I3bHD7/F4p+XHON/N2wMWEjfpC6YOlkmtosk5A2ZTO5jxIjvRJ12qbZW+k0iUnXZnMY8uGPP2o1BEtE8fQgIMIQ2EDd1yL4deReT6DH+Ft9BzpaLrCcnGhjnIvXu9A/wKux7ok8FtS9/F5+o2DZOTW52u4Ak62xZpSj93fQIDAQABo4GPMIGMMB8GA1UdIwQYMBaAFMfCnEU6OfOa86Atfiwtb+SLq541MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAYYnaHR0cDovL2lwYS1jYS5kYXRhbGFiLm5vdmFsb2NhbC9jYS9vY3NwMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQELBQADggGBAFzzy9MAt50Wcw3iIhWQNuoGY0SztNct379/OeuN2DrqlcfStAH0x720bZvO2PPxjZm0EQFrPvs36sShzYeJ2z6Dt2x7CmW54IE7n61tgvQ1xTPy546v1kCCOsMugcdyJIF/cb+kqJVUnUpWHIp3Sk9vou5M+NIGfX8qB+tAjEBmceZBS5Yxd4ZXJRgl5nyGXv0OgKQEQCzDr+P+W8u/4D0bNaUhmc8WeTPtemrIEU9R1kfL7k9zJi2sSmkm9mRrrhX425RHyJnURGLibNxWsmQQtVDWg9gCby1CY9tR2jI7hnGKkQYX8Yphme9lDLx87PDyWAKB0cktg5Lu5XhoIJe0WH/npebBl+M6qMQuvbq16uvK1hMuYh4QbBS3yV2d7wIYB37ITFT54g5/qF/LYmsV0X94vQtz6/CCdQ59+A3gGox2llVVq+hS8mXm5TJ1AFXvj6YvbYNoISke2FNSgHaHrj5hbu8avRGPyWvYjuIH9nErrB3ZHvBflTJXgKb0+g== DEBUG: - request: MIICejCCAWICAQAwNTEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFzAVBgNVBAMMDk9DU1AgU3Vic3lzdGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryKsXl44KNjobzq5qn10Bk0hZm2rL/FUKLBUtjaNyoaCl8xXrjh87JLzSY5S24qUtx+G6aywMiVrWQ4A95bhLHf+mmWhXwfeDeUtHU3a0LxhZ6SyqFqKaqu0Q/+L4SvvLfHxSkHGfZIJPIyrH3SEeJ6FVr5i421ZyuNmqyk2UyCeZt8I3bHD7/F4p+XHON/N2wMWEjfpC6YOlkmtosk5A2ZTO5jxIjvRJ12qbZW+k0iUnXZnMY8uGPP2o1BEtE8fQgIMIQ2EDd1yL4deReT6DH+Ft9BzpaLrCcnGhjnIvXu9A/wKux7ok8FtS9/F5+o2DZOTW52u4Ak62xZpSj93fQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAKvTrO/luJd4naG0Lu7QFlTbsIviAIPvBNWtJ5BiwkLN1JOmjeG0oLygMy7f3BlnMTw21FWKNBh5zB8IDcszDLNDlO4dn+lDPCUoE7HO9+LLpsZ8l524dcYfaTRgpCKZ0cuA543MyEi+7FrszbtaO5xOKpMJDT2LEhQYtI2MiLKXxvNsmWajKbSIs0gloOYIgSGqYz8KV+D80aGCE2EfsbOo0cPfKSxsZxebU9Gews4JJd0Rxt62pp2s1nYLA1rM3jhoCAUku5jyXU0DljNo+mJ2i8Hptybde2rESmVgLMrihDaitsMTtpFTs7GAiq1Iob5Dtihk7biBh2/bP5Af1rU= DEBUG: PKIDeployer.setup_cert() DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpjo1f1m18/password.txt -n Server-Cert cert-pki-ca -a DEBUG: certutil returned cert data DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) ends DEBUG: returned from nssdb.get_cert INFO: Setting up sslserver certificate INFO: Storing sslserver certificate DEBUG: - cert: MIIELDCCApSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExMVoXDTI2MTEwODA4NDExMVowQDEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxIjAgBgNVBAMMGWRldmJvMDEuZGF0YWxhYi5ub3ZhbG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChyn1xsA4UGCY7AjuvE0Ll9RwGB66htP+kfWJlbXVFoYZdsANDaOEJt+rSwnjxzzQUgoWqSHVUQ2l5uI8tw1HaO3P6ROUB8aie6vMo3dvvw6H+PWe+CkRZyORfTI0koFnvAGj5tqquyLl7Ri0mncz2Pp2ERS2Np6MBpA28xQO4ZE1j2L/pa45H43NeMvdNRr7ZqPBAEV/N7hYHcBQVnPzYIzfIJ81igYS+7OaIQvEHjVwsmsbmWtkTWiktj8vEp02i0/UMdSVeksHAD2FYj1TvK8CxpHP0gToz7TmnFHhbqYMKKbw8LhYDlvohv8pOEBhgIV/wzxZeRgYwyJyGKvo1AgMBAAGjgbQwgbEwHwYDVR0jBBgwFoAUx8KcRTo585rzoC1+LC1v5IurnjUwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzABhidodHRwOi8vaXBhLWNhLmRhdGFsYWIubm92YWxvY2FsL2NhL29jc3AwDgYDVR0PAQH/BAQDAgSwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCQGA1UdEQQdMBuCGWRldmJvMDEuZGF0YWxhYi5ub3ZhbG9jYWwwDQYJKoZIhvcNAQELBQADggGBAArIi+hBdav9CW64G8vTNAkv6zzHafVQZ5ayUcM/jx4Hac7BOTKhPhPL+srTVK0mPkgn1boCOkeVO3ZrwqhUiTeHI4rDNMKnR4l3fEulA0OR+oBLzELVbw3MzOSFQrF0yJdqjd/zDScnOji7xTQ6y/6iLh6rr+sQIvIIvlXFkRSbLS9jD4jDeZ5yLKxFXEZujXF9CtIbVrIiwgNDaUaDNJqBTB9VqxBfDgiY1n9SQs3hQZkvAfdF7D5VlbSreiLr8Z7SbKylI+Q1lfkIftvhogt42i0UpTbSVl/hus2iXHRF5ibu8n1ehjjOQ2PRcwT7LuA8QMVijxfvBAsSak9q47IkQuFBHvfGC7ntFdb1CJ2fEHETcnP+YAnoHoaQUKvmZwEz6qcF95B2v/1XCoVy80jK0MEknxU4r198GXsKdKWJYkKj9H/awWFK6KPlwwrZlTL+58bH/3987b3dVUNEwkcvjAVlb1S7dKmq8YyhkqcR/sIitZpXhRkeubmrFki9pw== DEBUG: - request: MIIChTCCAW0CAQAwQDEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxIjAgBgNVBAMMGWRldmJvMDEuZGF0YWxhYi5ub3ZhbG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChyn1xsA4UGCY7AjuvE0Ll9RwGB66htP+kfWJlbXVFoYZdsANDaOEJt+rSwnjxzzQUgoWqSHVUQ2l5uI8tw1HaO3P6ROUB8aie6vMo3dvvw6H+PWe+CkRZyORfTI0koFnvAGj5tqquyLl7Ri0mncz2Pp2ERS2Np6MBpA28xQO4ZE1j2L/pa45H43NeMvdNRr7ZqPBAEV/N7hYHcBQVnPzYIzfIJ81igYS+7OaIQvEHjVwsmsbmWtkTWiktj8vEp02i0/UMdSVeksHAD2FYj1TvK8CxpHP0gToz7TmnFHhbqYMKKbw8LhYDlvohv8pOEBhgIV/wzxZeRgYwyJyGKvo1AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAMmRgGDOA7EepsrXAOxRSs7Vy1vwc3PD3zHX6r7XkGekGUX08llyTTW9LoHEu/fjHn6nEPzh2W15mCNm4fOilKYgqmO4hqSKGOk1ZEfnuB/194cnZX7RZXwIsWof0sRKsxhvrR/LICKKvE3ByldOlqT26gXViuSCHG6JYp7DV3SgS6wBl242QkCuA1pg4HbEXYowpAayWZlPtLMqjd9F7fmoiDw+/X8ehigLh19dOpRyWOF6TphuZwwSvnnG7U6mEY6AZUQucxLDflF0XURMlCbcFiXlQS8pozhYjPQWfAXM53ILxHp/Epm7tWKGMbbgxC2m6QUcOcoaoRCklY7c7IA== DEBUG: PKIDeployer.setup_cert() DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp28tyvzg2/password.txt -n subsystemCert cert-pki-ca -a DEBUG: Cert not found: subsystemCert cert-pki-ca DEBUG: returned from nssdb.get_cert INFO: Setting up subsystem certificate INFO: Storing subsystem certificate DEBUG: - cert: MIID+TCCAmGgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExMVoXDTI2MTEwODA4NDExMVowMzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFTATBgNVBAMMDENBIFN1YnN5c3RlbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALw67ekHw9x3iKL14P/KIpfIGq3o+cjaodSHo5HG1UT5JWMjEz10skmMT/JlCju85nxJ4FU8xGcSFm5F0b/B/kR4246Fxttx22q6lEAd9PqN3aGpmIdNdjuMSJQb9S//g4f12lC6/h/psJQlyhHOvQiSBVxB1J5Mv5DsnQ+rZ7NV2FkCIeWY780zU0m6mpPqWjpkpQVdYwxnmsF8KWt/t8gci87VFPO6nQ422tlAacb4QdgDn60/Lz+1aO4MBpHiwQlLdPq1tAmnXKCAiT6DNmVcdrt5fXZVcb8E44+nsTmEU8z2Xeiznc8Q9r4C2QLeWeMvk6M3scwxcQUXiQ2RhPcCAwEAAaOBjjCBizAfBgNVHSMEGDAWgBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBDBggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxhYi5ub3ZhbG9jYWwvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAJ5wsGS8nY/eYQuEkCcmKEzlEnOv4IMYRAYBarLox4Xw7UCU0VtHkRcTfgzPJBK0S0iFZtU/zf5tFNiwR/o8IrgCT5hEYiZ+Q5RVZKsZbMuerrf0Nb4Wj11JnQh+mT+Ka/WzbR6rFgjggAAaMP8+0rgc5kRPZ40jSfVPbejpFOI/8idMPExZDIPfULBc2abCxxDAF1QDapzith8g3zYKj0vIhmar94x/gWn5BHHyVt91mLlVGCZPWpaXckYfKG+Nc+BD7Pr/032tALJNcT3al4vJFrZuMXVD4+ifNt/XC3jF2G1RQBfRLE5b7A/O21PJkXL3U2PSN3ZS9s5CZIU5aq6vOLomPiPmlIM0gwRtsoJJc+rjTVDsj1RtZXiACSuWefh+3waFGcgbRc4OVQ8CgjCq6AJlOFeXhSkX3q2N56aN+fb+V8Cuf7UF80rQkjp8pAOoyFumMGug3JPFN/yDQOnYYVY1jPsqMD4DyzS/u7FcV4EzuOqzQROXCFYvJLAShQ== DEBUG: - request: MIICeDCCAWACAQAwMzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFTATBgNVBAMMDENBIFN1YnN5c3RlbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALw67ekHw9x3iKL14P/KIpfIGq3o+cjaodSHo5HG1UT5JWMjEz10skmMT/JlCju85nxJ4FU8xGcSFm5F0b/B/kR4246Fxttx22q6lEAd9PqN3aGpmIdNdjuMSJQb9S//g4f12lC6/h/psJQlyhHOvQiSBVxB1J5Mv5DsnQ+rZ7NV2FkCIeWY780zU0m6mpPqWjpkpQVdYwxnmsF8KWt/t8gci87VFPO6nQ422tlAacb4QdgDn60/Lz+1aO4MBpHiwQlLdPq1tAmnXKCAiT6DNmVcdrt5fXZVcb8E44+nsTmEU8z2Xeiznc8Q9r4C2QLeWeMvk6M3scwxcQUXiQ2RhPcCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAgcYbc2Ov/yFV/c6McYI691802KTAhGxwWIb3Nt1uAxCUNfdpPVfFVPI9bytDwCkP2E3bNtyguB3Z4ynlPCg+rKVYxt0sewA0pO7L9TxHO+H1w9WcUZ/HtCU2nqHtlAdOfv9N6pAzuboL/Z0yeuiEw4mXnolx+63KOvhVBA71jltdYeMv2Buh4hlKCAH8CBew9nv3eekovPC/E0IIYjvqt207QnA7swjqGeIDaDu0kQ7ogD2zMiBRjTHtoL3U5WwkVGSYvJHt6MgjZ5MGhEEY5IVC0GXTOnPhsfkb/WvTUrHVMqBzBo1/+c99N2c/LKjdwvdWhonIlaLvJ79Z1jGFF DEBUG: PKIDeployer.setup_cert() DEBUG: NSSDatabase.get_cert(auditSigningCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpvq2huy1p/password.txt -n auditSigningCert cert-pki-ca -a DEBUG: Cert not found: auditSigningCert cert-pki-ca DEBUG: returned from nssdb.get_cert INFO: Setting up audit_signing certificate INFO: Storing audit_signing certificate DEBUG: - cert: MIID3jCCAkagAwIBAgIBBTANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExMloXDTI2MTEwODA4NDExMlowLzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxETAPBgNVBAMMCENBIEF1ZGl0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqruD1jOnMwabZhCtHr8dwgzHXkZsfJFmkHQdP0fhp6LIStQ3LKlRYeCGBX76HAQ25BKvHvsJ6lZyOQYHlbq2a7qPjSCF0qzz8f5YsOEsKb/zHqhUhEa25n7/CIyGuZAWzv+EpdiQxUf1T1ZB/3ybMHTLSe6OEFIbclkIpnJk/Viw1dhLEyClFWgnXAXOdxorIVOKifs5+HmPAy+HQN8OLC6Eje6vUfM7DxC2riSukUlJ0qULH6BoPfZZwLdYhBo71k5EVY+qbW0A3UW4c4DuGNGXlI0mREgi+sDnZ1ESKktAUlHIrFcqi9quSFkJaB/3wV5bcalRZjdXL5jUOrBDJwIDAQABo3gwdjAfBgNVHSMEGDAWgBTHwpxFOjnzmvOgLX4sLW/ki6ueNTAOBgNVHQ8BAf8EBAMCBsAwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzABhidodHRwOi8vaXBhLWNhLmRhdGFsYWIubm92YWxvY2FsL2NhL29jc3AwDQYJKoZIhvcNAQELBQADggGBAHiqVYcXXscPqbOxQ+uxw/fVMymIS/CSvEP4o/+6I2Nq43yjsb/wCAvLESvpwB/XsoYDxVUisZf5C3kx07SSmbU7Gv3Q0wJiYk++N3AgiRqgkWNlZTPwoDea88Bckspn6UeTdUZXcOGJACTFYZQuADZ9HkOzm48BjopYNnGHvhqnbVdbALsnZz0KggzgZXOtzwNGJb5zBwuInudF5Tf7Obbhvnww3HTsQpYCbZW7GjjCNc0b9J/smoLsXuq+gGrBaFm3dIbeW+zgLLJtVpkyAiq/cpsEIo9JsOD08FV/QqeXRzWhi2NlzVVi89OF/IMMTFEd8Fc0hP7aXCBuWfACvhswPQtE9LOskKifkzeDT3xVH/cgZqyQ+JgdFPvO9rY2YnjRkhX4Kcq4FX7atYpvG03BahhKtLbabAD9ND9kYMjoUXJJlg6foEqpUXAB+Ig8kbiO7r470EoKne1J871KoVsP+baM4C6t8NuFK+GTAkcHVaA5T/pDPgVYolZgwRzB4w== DEBUG: - request: MIICdDCCAVwCAQAwLzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxETAPBgNVBAMMCENBIEF1ZGl0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqruD1jOnMwabZhCtHr8dwgzHXkZsfJFmkHQdP0fhp6LIStQ3LKlRYeCGBX76HAQ25BKvHvsJ6lZyOQYHlbq2a7qPjSCF0qzz8f5YsOEsKb/zHqhUhEa25n7/CIyGuZAWzv+EpdiQxUf1T1ZB/3ybMHTLSe6OEFIbclkIpnJk/Viw1dhLEyClFWgnXAXOdxorIVOKifs5+HmPAy+HQN8OLC6Eje6vUfM7DxC2riSukUlJ0qULH6BoPfZZwLdYhBo71k5EVY+qbW0A3UW4c4DuGNGXlI0mREgi+sDnZ1ESKktAUlHIrFcqi9quSFkJaB/3wV5bcalRZjdXL5jUOrBDJwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAITgHJmWpZ0vxipP5Rw1L9gLVdnk6x+kE1Azi58eI+yKWbD6SvChgqyWZPhw7QTNhUuG9D6KDrU5BZrdCwJGReyjn2O+Q1s4hr3SJQEmBUuGiNH7fir81yixu2mEtaWj5dnhwWCNQR8VKY7AVMX7uIRDlF0eW5PT6iSnTyE6da0cOChO419NUZPx9+2cuSoD/sk6OWynQP7vyeUmGmNjTDuIdO5Xp+BhvywVaYl8NuqOuMBg/8ZDhtdtLMvUqBPf48TdSygiLyiMq7hle1ZTgF308aVV9BoLp7pS6EGRb2cwilcXN92NIqvmKkcHarDVPrI2Xp8lzDzPEtKs4hgMS00= INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Setting up subsystem user INFO: Adding CA-devbo01.datalab.novalocal-8443 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-add --full-name CA-devbo01.datalab.novalocal-8443 --type agentType --state 1 --debug CA-devbo01.datalab.novalocal-8443 INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 INFO: Adding uid=CA-devbo01.datalab.novalocal-8443,ou=People,o=ipaca FINE: UGSubsystem: - objectclass: [top, person, organizationalPerson, inetOrgPerson, cmsuser] FINE: UGSubsystem: - uid: CA-devbo01.datalab.novalocal-8443 FINE: UGSubsystem: - sn: CA-devbo01.datalab.novalocal-8443 FINE: UGSubsystem: - cn: CA-devbo01.datalab.novalocal-8443 FINE: UGSubsystem: - usertype: agentType FINE: UGSubsystem: - userstate: 1 INFO: Admin UID: null added User UID: CA-devbo01.datalab.novalocal-8443 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding certificate for CA-devbo01.datalab.novalocal-8443 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-cert-add --format PEM --debug CA-devbo01.datalab.novalocal-8443 INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 INFO: Admin UID: null added cert for User UID: CA-devbo01.datalab.novalocal-8443. cert DN: CN=CA Subsystem,O=DATALAB.NOVALOCAL serial number: 0x4 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding CA-devbo01.datalab.novalocal-8443 into Subsystem Group DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Subsystem Group CA-devbo01.datalab.novalocal-8443 FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Subsystem Group,ou=Groups,o=ipaca FINE: description: Subsystem Group FINE: uniqueMember: uid=CA-devbo01.datalab.novalocal-8443,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Getting admin certificate DEBUG: PKIDeployer.get_admin_cert() INFO: Generating CSR for cn=ipa-ca-agent,O=DATALAB.NOVALOCAL DEBUG: Command: certutil -R -d /root/.dogtag/pki-tomcat/ca/alias -s cn=ipa-ca-agent,O=DATALAB.NOVALOCAL -k rsa -g 2048 -z /root/.dogtag/pki-tomcat/ca/alias/noise -f /root/.dogtag/pki-tomcat/ca/password.conf -o /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin INFO: Removing /root/.dogtag/pki-tomcat/ca/alias/noise DEBUG: Command: rm -f /root/.dogtag/pki-tomcat/ca/alias/noise DEBUG: Command: BtoA /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin.asc DEBUG: Admin cert: MIIEAzCCAmugAwIBAgIBBjANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExOFoXDTI2MTEwODA4NDExOFowMzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFTATBgNVBAMMDGlwYS1jYS1hZ2VudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKcBEbFrTBQgtCZv4DRlGADAYyvQC7QtaeITvmz8vRIQsHAZEYVzVssfTB1hZJeFTATuSHmLs4HSXtItT6Bu7R25U6a3gfDEOGggvYYn+YwKa7h/ZXCtsZN0r8P0iX7+XJMjbnxd0/1QvwH5chLcBvYlAX7fFELeGJ8wO1n+lzuJ8/O5xlBtJ5xzGIzyQOKvCD2Irs5iojHujbrp/SM+Oxt5z13F3HjFI1+YFo5lpglGj4u6UNoPHBjRQ/3cfizFKg2AvpWYLKKkm8/6vqVDz5eoS9zfWMseqmT1S6HMf1nkj0I2TYTLnifqKuenHbx3lfsnM3Op8L0a7uLy8sWyKF0CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBDBggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxhYi5ub3ZhbG9jYWwvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQCmw3E+d46oOIcs8UxdSyXoLgRwexB0IAImbREPNONQFE1P+YFgkx4kub8miq9lt/Lv3YCOmf0M3CuXqCUbAWuth3qb0boQDIatsVVx84kpn4gP4V4V/AVy2R+YY8K7C5RSavyCY1SsSGBHy9hHGBiIir1A8G/e2nkPDIXqJtiF6+F8zeWJpntukqdegzfs0yfXZIm7aq5K2ay91b5KOM20ItB/zyIiaeJ4eVNdeC3tko4Dje83vsTG2gysW4k4BjtXVd/CGeQaOk1V0EICQofNCp+CPtyXvSHRSbxjfSLGOtva0pYmr2Iv1FU6PUqnxVxjMzgzLa6xuOIu/O2BE5/rzvySRAAIpQtCZuGvwgDhGLN6iD04nM2njHkAtIjspm048WqfUXVC9t0zDRHYGNeGHVaY08wu6NwRsvvI+9Tv+j/yuGY+2LVi2xC5DNE1urEELN/ISzkioQfs7kqQR5pkp3y6Bft6nEx0c/CShZ2IC3u4z5tKllpYzsmMTCm8YXQ= DEBUG: ConfigClient.process_admin_cert() INFO: Storing admin certificate into /root/.dogtag/pki-tomcat/ca_admin.cert DEBUG: saving CA devbo01.datalab.novalocal 8443 Admin Certificate to file: /root/.dogtag/pki-tomcat/ca_admin.cert INFO: Importing admin certificate into /root/.dogtag/pki-tomcat/ca/alias DEBUG: NSSDatabase.add_cert(ipa-ca-agent) DEBUG: Command: certutil -A -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf -n ipa-ca-agent -a -i /root/.dogtag/pki-tomcat/ca_admin.cert -t ,, DEBUG: ConfigClient.process_admin_p12() INFO: Exporting admin certificate into /root/ca-agent.p12 INFO: Creating /root INFO: Exporting ipa-ca-agent cert and key into /root/ca-agent.p12 DEBUG: Command: pk12util -d /root/.dogtag/pki-tomcat/ca/alias -o /root/ca-agent.p12 -n ipa-ca-agent -w /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf -k /root/.dogtag/pki-tomcat/ca/password.conf INFO: Setting up admin user DEBUG: Command: /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-add --full-name admin --email root@localhost --password-file /tmp/tmpxlj1vaot/password.txt --type adminType --state 1 --debug admin INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 INFO: Adding uid=admin,ou=People,o=ipaca FINE: UGSubsystem: - objectclass: [top, person, organizationalPerson, inetOrgPerson, cmsuser] FINE: UGSubsystem: - uid: admin FINE: UGSubsystem: - sn: admin FINE: UGSubsystem: - cn: admin FINE: UGSubsystem: - mail: root@localhost FINE: UGSubsystem: - userPassword: ******** FINE: UGSubsystem: - usertype: adminType FINE: UGSubsystem: - userstate: 1 INFO: Admin UID: null added User UID: admin FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Certificate Manager Agents DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Certificate Manager Agents admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Certificate Manager Agents,ou=Groups,o=ipaca FINE: description: Agents for Certificate Manager FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Administrators,ou=Groups,o=ipaca FINE: description: People who manage the Certificate System FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Security Domain Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Security Domain Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Security Domain Administrators,ou=Groups,o=ipaca FINE: description: People who are the Security Domain administrators FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Enterprise CA Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise CA Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Enterprise CA Administrators,ou=Groups,o=ipaca FINE: description: People who are the administrators for the security domain for CA FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Enterprise KRA Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise KRA Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Enterprise KRA Administrators,ou=Groups,o=ipaca FINE: description: People who are the administrators for the security domain for KRA FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Enterprise RA Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise RA Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Enterprise RA Administrators,ou=Groups,o=ipaca FINE: description: People who are the administrators for the security domain for RA FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Enterprise TKS Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise TKS Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Enterprise TKS Administrators,ou=Groups,o=ipaca FINE: description: People who are the administrators for the security domain for TKS FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Enterprise OCSP Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise OCSP Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Enterprise OCSP Administrators,ou=Groups,o=ipaca FINE: description: People who are the administrators for the security domain for OCSP FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Enterprise TPS Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise TPS Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Enterprise TPS Administrators,ou=Groups,o=ipaca FINE: description: People who are the administrators for the security domain for TPS FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding certificate for admin DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-cert-add --format DER --debug admin INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 INFO: Admin UID: null added cert for User UID: admin. cert DN: CN=ipa-ca-agent,O=DATALAB.NOVALOCAL serial number: 0x6 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Creating security domain DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-sd-create --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Adding ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSecurityDomain FINE: - name: IPA FINE: - ou: Security Domain INFO: Adding cn=CAList,ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSecurityGroup FINE: - cn: CAList INFO: Adding cn=OCSPList,ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSecurityGroup FINE: - cn: OCSPList INFO: Adding cn=KRAList,ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSecurityGroup FINE: - cn: KRAList INFO: Adding cn=RAList,ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSecurityGroup FINE: - cn: RAList INFO: Adding cn=TKSList,ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSecurityGroup FINE: - cn: TKSList INFO: Adding cn=TPSList,ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSecurityGroup FINE: - cn: TPSList INFO: Adding security domain manager DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-sd-host-add --hostname devbo01.datalab.novalocal --unsecure-port 80 --secure-port 443 --domain-manager --debug CA devbo01.datalab.novalocal 8443 INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Adding cn=devbo01.datalab.novalocal:443,cn=CAList,ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSubsystem FINE: - cn: devbo01.datalab.novalocal:443 FINE: - SubsystemName: CA devbo01.datalab.novalocal 8443 FINE: - Host: devbo01.datalab.novalocal FINE: - UnSecurePort: 80 FINE: - SecurePort: 443 FINE: - SecureAgentPort: 443 FINE: - SecureAdminPort: 443 FINE: - SecureEEClientAuthPort: 443 FINE: - DomainManager: TRUE FINE: - Clone: FALSE INFO: Setting up database user INFO: Adding pkidbuser DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-add --full-name pkidbuser --type agentType --state 1 --attributes nsPagedSizeLimit:20000 --debug pkidbuser INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 INFO: Adding uid=pkidbuser,ou=People,o=ipaca FINE: UGSubsystem: - objectclass: [top, person, organizationalPerson, inetOrgPerson, cmsuser] FINE: UGSubsystem: - uid: pkidbuser FINE: UGSubsystem: - sn: pkidbuser FINE: UGSubsystem: - cn: pkidbuser FINE: UGSubsystem: - usertype: agentType FINE: UGSubsystem: - userstate: 1 FINE: UGSubsystem: - nsPagedSizeLimit: [Ljava.lang.String;@27a5f880 INFO: Admin UID: null added User UID: pkidbuser FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection DEBUG: get_subsystem_cert INFO: Getting subsystem cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting subsystem cert info from NSS database DEBUG: NSSDatabase.get_cert_info(subsystemCert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpj0xkr_qu/password.txt -n subsystemCert cert-pki-ca -a DEBUG: certutil returned cert data DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) ends DEBUG: NSSDatabase.get_trust(subsystemCert cert-pki-ca) DEBUG: fullname: subsystemCert cert-pki-ca DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmps_mx0_w9/password.txt DEBUG: NSSDatabase.get_cert_info(subsystemCert cert-pki-ca) ends DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpjjnksccg/password.txt -n subsystemCert cert-pki-ca -a DEBUG: certutil returned cert data DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) ends INFO: Adding subsystem cert into pkidbuser DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-cert-add --format PEM --debug pkidbuser INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 INFO: Admin UID: null added cert for User UID: pkidbuser. cert DN: CN=CA Subsystem,O=DATALAB.NOVALOCAL serial number: 0x4 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Linking pkidbuser to subsystem cert: CN=CA Subsystem,O=DATALAB.NOVALOCAL DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-mod --add-see-also CN=CA Subsystem,O=DATALAB.NOVALOCAL --debug pkidbuser INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 INFO: Admin UID: null added cert subject DN for User UID: pkidbuser. cert DN: CN=CA Subsystem,O=DATALAB.NOVALOCAL FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Finding other users linked to subsystem cert DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-find --see-also CN=CA Subsystem,O=DATALAB.NOVALOCAL --debug --output-format json INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 INFO: LDAP: search ou=People,o=ipaca with (seeAlso=CN=CA Subsystem,O=DATALAB.NOVALOCAL) FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding pkidbuser into Subsystem Group DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Subsystem Group pkidbuser FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Subsystem Group,ou=Groups,o=ipaca FINE: description: Subsystem Group FINE: uniqueMember: uid=CA-devbo01.datalab.novalocal-8443,ou=People,o=ipaca FINE: uniqueMember: uid=pkidbuser,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding pkidbuser into Certificate Manager Agents DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Certificate Manager Agents pkidbuser FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Certificate Manager Agents,ou=Groups,o=ipaca FINE: description: Agents for Certificate Manager FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: uniqueMember: uid=pkidbuser,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Updating CA ranges DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-range-update --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Updating serial number range INFO: Updating request number range INFO: Starting CRL number: 0 INFO: Enabling profile subsystem INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: CA configuration complete INFO: Stopping PKI server DEBUG: Command: systemctl stop pki-tomcatd@pki-tomcat.service INFO: Waiting for PKI server to stop INFO: PKI server stopped INFO: Removing temp SSL server cert from internal token: Server-Cert cert-pki-ca DEBUG: Command: certutil -D -d /etc/pki/pki-tomcat/alias -f /tmp/tmpc4bqckcf/password.txt -n Server-Cert cert-pki-ca INFO: Importing permanent SSL server cert into internal token: Server-Cert cert-pki-ca DEBUG: NSSDatabase.add_cert(Server-Cert cert-pki-ca) DEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmppr0p5esh/internal_password.txt -n Server-Cert cert-pki-ca -a -i /tmp/tmpwkuu9qfu/sslserver.crt -t ,, INFO: Starting PKI server DEBUG: Command: systemctl start pki-tomcatd@pki-tomcat.service INFO: Waiting for PKI server to start INFO: Waiting for PKI server to start (1s) INFO: PKI server started INFO: Waiting for CA subsystem INFO: Subsystem status: running INFO: Finalizing subsystem creation INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser INFO: Backing up keys into /etc/pki/pki-tomcat/alias/ca_backup_keys.p12 DEBUG: Command: pki-server subsystem-cert-export ca -i pki-tomcat --pkcs12-file /etc/pki/pki-tomcat/alias/ca_backup_keys.p12 --pkcs12-password-file /tmp/tmpzrf6rmib/password.txt DEBUG: Command: systemctl enable pki-tomcatd@pki-tomcat.service INFO: Removing directory /root/.dogtag/pki-tomcat/ca DEBUG: Command: rm -rf /root/.dogtag/pki-tomcat/ca INFO: END spawning CA subsystem in pki-tomcat instance INFO: Creating /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20241118094009 DEBUG: Command: cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20241118094009 DEBUG: Command: chmod 660 /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20241118094009 DEBUG: Command: chown 17:17 /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20241118094009 INFO: Creating /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20241118094009 DEBUG: Command: cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20241118094009 DEBUG: Command: chmod 660 /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20241118094009 DEBUG: Command: chown 17:17 /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20241118094009 2024-11-18T08:42:09Z DEBUG completed creating ca instance 2024-11-18T08:42:09Z DEBUG step duration: pki-tomcatd __spawn_instance 120.40 sec 2024-11-18T08:42:09Z DEBUG [2/29]: stopping certificate server instance to update CS.cfg 2024-11-18T08:42:09Z DEBUG Starting external process 2024-11-18T08:42:09Z DEBUG args=['/bin/systemctl', 'stop', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:42:10Z DEBUG Process finished, return code=0 2024-11-18T08:42:10Z DEBUG stdout= 2024-11-18T08:42:10Z DEBUG stderr= 2024-11-18T08:42:10Z DEBUG Stop of pki-tomcatd@pki-tomcat.service complete 2024-11-18T08:42:10Z DEBUG step duration: pki-tomcatd stop_instance 1.09 sec 2024-11-18T08:42:10Z DEBUG [3/29]: backing up CS.cfg 2024-11-18T08:42:10Z DEBUG Starting external process 2024-11-18T08:42:10Z DEBUG args=['/bin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:42:10Z DEBUG Process finished, return code=3 2024-11-18T08:42:10Z DEBUG stdout=inactive 2024-11-18T08:42:10Z DEBUG stderr= 2024-11-18T08:42:10Z DEBUG step duration: pki-tomcatd safe_backup_config 0.03 sec 2024-11-18T08:42:10Z DEBUG [4/29]: Add ipa-pki-wait-running 2024-11-18T08:42:10Z DEBUG Starting external process 2024-11-18T08:42:10Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T08:42:10Z DEBUG Process finished, return code=0 2024-11-18T08:42:10Z DEBUG stdout= 2024-11-18T08:42:10Z DEBUG stderr= 2024-11-18T08:42:10Z DEBUG step duration: pki-tomcatd add_ipa_wait 0.31 sec 2024-11-18T08:42:10Z DEBUG [5/29]: secure AJP connector 2024-11-18T08:42:10Z DEBUG Starting external process 2024-11-18T08:42:10Z DEBUG args=['/usr/sbin/tomcat', 'version'] 2024-11-18T08:42:10Z DEBUG Process finished, return code=0 2024-11-18T08:42:10Z DEBUG stdout=Server version: Apache Tomcat/9.0.87 Server built: Mar 11 2024 10:12:34 UTC Server number: 9.0.87.0 OS Name: Linux OS Version: 4.18.0-553.16.1.el8_10.x86_64 Architecture: amd64 JVM Version: 1.8.0_432-b06 JVM Vendor: Red Hat, Inc. 2024-11-18T08:42:10Z DEBUG stderr= 2024-11-18T08:42:10Z DEBUG Starting external process 2024-11-18T08:42:10Z DEBUG args=['/usr/sbin/tomcat', 'version'] 2024-11-18T08:42:11Z DEBUG Process finished, return code=0 2024-11-18T08:42:11Z DEBUG stdout=Server version: Apache Tomcat/9.0.87 Server built: Mar 11 2024 10:12:34 UTC Server number: 9.0.87.0 OS Name: Linux OS Version: 4.18.0-553.16.1.el8_10.x86_64 Architecture: amd64 JVM Version: 1.8.0_432-b06 JVM Vendor: Red Hat, Inc. 2024-11-18T08:42:11Z DEBUG stderr= 2024-11-18T08:42:11Z DEBUG step duration: pki-tomcatd secure_ajp_connector 0.45 sec 2024-11-18T08:42:11Z DEBUG [6/29]: reindex attributes 2024-11-18T08:42:11Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:42:11Z DEBUG Creating ipaca reindex task cn=indextask_ipaca_1731919331,cn=index,cn=tasks,cn=config 2024-11-18T08:42:11Z DEBUG Waiting for task... 2024-11-18T08:42:12Z DEBUG Task cn=indextask_ipaca_1731919331,cn=index,cn=tasks,cn=config has finished with exit code 0 2024-11-18T08:42:12Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:42:12Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd reindex_task 1.03 sec 2024-11-18T08:42:12Z DEBUG [7/29]: exporting Dogtag certificate store pin 2024-11-18T08:42:12Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd create_certstore_passwdfile 0.00 sec 2024-11-18T08:42:12Z DEBUG [8/29]: disabling nonces 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd __disable_nonce 0.01 sec 2024-11-18T08:42:12Z DEBUG [9/29]: set up CRL publishing 2024-11-18T08:42:12Z DEBUG Starting external process 2024-11-18T08:42:12Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:12Z DEBUG Process finished, return code=0 2024-11-18T08:42:12Z DEBUG stdout= 2024-11-18T08:42:12Z DEBUG stderr= 2024-11-18T08:42:12Z DEBUG Starting external process 2024-11-18T08:42:12Z DEBUG args=['/sbin/restorecon', '/var/lib/ipa/pki-ca/publish'] 2024-11-18T08:42:12Z DEBUG Process finished, return code=0 2024-11-18T08:42:12Z DEBUG stdout= 2024-11-18T08:42:12Z DEBUG stderr= 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd __enable_crl_publish 0.11 sec 2024-11-18T08:42:12Z DEBUG [10/29]: enable PKIX certificate path discovery and validation 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd enable_pkix 0.00 sec 2024-11-18T08:42:12Z DEBUG [11/29]: authorizing RA to modify profiles 2024-11-18T08:42:12Z DEBUG update_entry modlist [(0, 'resourceACLS', [b'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles'])] 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd configure_profiles_acl 0.01 sec 2024-11-18T08:42:12Z DEBUG [12/29]: authorizing RA to manage lightweight CAs 2024-11-18T08:42:12Z DEBUG update_entry modlist [(0, 'resourceACLS', [b'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities'])] 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd configure_lightweight_ca_acls 0.01 sec 2024-11-18T08:42:12Z DEBUG [13/29]: Ensure lightweight CAs container exists 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd ensure_lightweight_cas_container 0.00 sec 2024-11-18T08:42:12Z DEBUG [14/29]: Ensuring backward compatibility 2024-11-18T08:42:12Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T08:42:12Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T08:42:12Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T08:42:12Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T08:42:12Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T08:42:12Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T08:42:12Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T08:42:12Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T08:42:13Z DEBUG Created connection context.ldap2_139840935954640 2024-11-18T08:42:13Z DEBUG raw: idrange_show('DATALAB.NOVALOCAL_id_range', version='2.251') 2024-11-18T08:42:13Z DEBUG idrange_show('DATALAB.NOVALOCAL_id_range', rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:42:13Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:42:13Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:42:14Z DEBUG Parsing update file '/usr/share/ipa/updates/50-dogtag10-migration.update' 2024-11-18T08:42:14Z DEBUG Updating existing entry: cn=aclResources,o=ipaca 2024-11-18T08:42:14Z DEBUG --------------------------------------------- 2024-11-18T08:42:14Z DEBUG Initial value 2024-11-18T08:42:14Z DEBUG dn: cn=aclResources,o=ipaca 2024-11-18T08:42:14Z DEBUG resourceACLS: 2024-11-18T08:42:14Z DEBUG certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete 2024-11-18T08:42:14Z DEBUG certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml 2024-11-18T08:42:14Z DEBUG certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter 2024-11-18T08:42:14Z DEBUG certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log 2024-11-18T08:42:14Z DEBUG certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T08:42:14Z DEBUG certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T08:42:14Z DEBUG certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets 2024-11-18T08:42:14Z DEBUG certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory 2024-11-18T08:42:14Z DEBUG certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate 2024-11-18T08:42:14Z DEBUG certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates 2024-11-18T08:42:14Z DEBUG certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests 2024-11-18T08:42:14Z DEBUG certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request 2024-11-18T08:42:14Z DEBUG certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information 2024-11-18T08:42:14Z DEBUG certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests 2024-11-18T08:42:14Z DEBUG certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl 2024-11-18T08:42:14Z DEBUG certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate 2024-11-18T08:42:14Z DEBUG certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates 2024-11-18T08:42:14Z DEBUG certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain 2024-11-18T08:42:14Z DEBUG certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL 2024-11-18T08:42:14Z DEBUG certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request 2024-11-18T08:42:14Z DEBUG certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status 2024-11-18T08:42:14Z DEBUG certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request 2024-11-18T08:42:14Z DEBUG certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate 2024-11-18T08:42:14Z DEBUG certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request 2024-11-18T08:42:14Z DEBUG certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile 2024-11-18T08:42:14Z DEBUG certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles 2024-11-18T08:42:14Z DEBUG certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile 2024-11-18T08:42:14Z DEBUG certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles 2024-11-18T08:42:14Z DEBUG certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles 2024-11-18T08:42:14Z DEBUG certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests 2024-11-18T08:42:14Z DEBUG certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA 2024-11-18T08:42:14Z DEBUG certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics 2024-11-18T08:42:14Z DEBUG certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups 2024-11-18T08:42:14Z DEBUG certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information 2024-11-18T08:42:14Z DEBUG certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent 2024-11-18T08:42:14Z DEBUG certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. 2024-11-18T08:42:14Z DEBUG certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration. 2024-11-18T08:42:14Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout 2024-11-18T08:42:14Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations 2024-11-18T08:42:14Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations 2024-11-18T08:42:14Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations 2024-11-18T08:42:14Z DEBUG certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests. 2024-11-18T08:42:14Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities 2024-11-18T08:42:14Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities 2024-11-18T08:42:14Z DEBUG objectClass: 2024-11-18T08:42:14Z DEBUG top 2024-11-18T08:42:14Z DEBUG CertACLS 2024-11-18T08:42:14Z DEBUG cn: 2024-11-18T08:42:14Z DEBUG aclResources 2024-11-18T08:42:14Z DEBUG addifexist: 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities'] 2024-11-18T08:42:14Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout'] 2024-11-18T08:42:14Z DEBUG addifexist: 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout'] 2024-11-18T08:42:14Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations'] 2024-11-18T08:42:14Z DEBUG addifexist: 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations'] 2024-11-18T08:42:14Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations'] 2024-11-18T08:42:14Z DEBUG addifexist: 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations'] 2024-11-18T08:42:14Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations'] 2024-11-18T08:42:14Z DEBUG addifexist: 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations'] 2024-11-18T08:42:14Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations'] 2024-11-18T08:42:14Z DEBUG replace: certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group":Anybody is allowed to read domain.xml but only Subsystem group is allowed to modify the domain.xml not found, skipping 2024-11-18T08:42:14Z DEBUG replace: updated value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml'] 2024-11-18T08:42:14Z DEBUG replace: certServer.ca.connectorInfo:read,modify:allow (modify,read) group="Enterprise KRA Administrators":Only Enterprise Administrators are allowed to update the connector information not found, skipping 2024-11-18T08:42:14Z DEBUG addifexist: 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml'] 2024-11-18T08:42:14Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles'] 2024-11-18T08:42:14Z DEBUG --------------------------------------------- 2024-11-18T08:42:14Z DEBUG Final value after applying updates 2024-11-18T08:42:14Z DEBUG dn: cn=aclResources,o=ipaca 2024-11-18T08:42:14Z DEBUG resourceACLS: 2024-11-18T08:42:14Z DEBUG certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete 2024-11-18T08:42:14Z DEBUG certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter 2024-11-18T08:42:14Z DEBUG certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log 2024-11-18T08:42:14Z DEBUG certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T08:42:14Z DEBUG certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T08:42:14Z DEBUG certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets 2024-11-18T08:42:14Z DEBUG certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory 2024-11-18T08:42:14Z DEBUG certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate 2024-11-18T08:42:14Z DEBUG certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates 2024-11-18T08:42:14Z DEBUG certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests 2024-11-18T08:42:14Z DEBUG certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request 2024-11-18T08:42:14Z DEBUG certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information 2024-11-18T08:42:14Z DEBUG certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests 2024-11-18T08:42:14Z DEBUG certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl 2024-11-18T08:42:14Z DEBUG certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate 2024-11-18T08:42:14Z DEBUG certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates 2024-11-18T08:42:14Z DEBUG certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain 2024-11-18T08:42:14Z DEBUG certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL 2024-11-18T08:42:14Z DEBUG certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request 2024-11-18T08:42:14Z DEBUG certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status 2024-11-18T08:42:14Z DEBUG certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request 2024-11-18T08:42:14Z DEBUG certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate 2024-11-18T08:42:14Z DEBUG certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request 2024-11-18T08:42:14Z DEBUG certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile 2024-11-18T08:42:14Z DEBUG certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles 2024-11-18T08:42:14Z DEBUG certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile 2024-11-18T08:42:14Z DEBUG certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles 2024-11-18T08:42:14Z DEBUG certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles 2024-11-18T08:42:14Z DEBUG certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests 2024-11-18T08:42:14Z DEBUG certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA 2024-11-18T08:42:14Z DEBUG certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics 2024-11-18T08:42:14Z DEBUG certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups 2024-11-18T08:42:14Z DEBUG certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information 2024-11-18T08:42:14Z DEBUG certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent 2024-11-18T08:42:14Z DEBUG certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. 2024-11-18T08:42:14Z DEBUG certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration. 2024-11-18T08:42:14Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout 2024-11-18T08:42:14Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations 2024-11-18T08:42:14Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations 2024-11-18T08:42:14Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations 2024-11-18T08:42:14Z DEBUG certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests. 2024-11-18T08:42:14Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities 2024-11-18T08:42:14Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities 2024-11-18T08:42:14Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout 2024-11-18T08:42:14Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations 2024-11-18T08:42:14Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations 2024-11-18T08:42:14Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations 2024-11-18T08:42:14Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations 2024-11-18T08:42:14Z DEBUG certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml 2024-11-18T08:42:14Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles 2024-11-18T08:42:14Z DEBUG objectClass: 2024-11-18T08:42:14Z DEBUG top 2024-11-18T08:42:14Z DEBUG CertACLS 2024-11-18T08:42:14Z DEBUG cn: 2024-11-18T08:42:14Z DEBUG aclResources 2024-11-18T08:42:14Z DEBUG [(1, 'resourceACLS', ['certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml']), (0, 'resourceACLS', ['certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml'])] 2024-11-18T08:42:14Z DEBUG Updated 1 2024-11-18T08:42:14Z DEBUG update_entry modlist [(1, 'resourceACLS', [b'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml']), (0, 'resourceACLS', [b'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml'])] 2024-11-18T08:42:14Z DEBUG Done 2024-11-18T08:42:14Z DEBUG LDAP update duration: /usr/share/ipa/updates/50-dogtag10-migration.update 0.019 sec 2024-11-18T08:42:14Z DEBUG Destroyed connection context.ldap2_139840935954640 2024-11-18T08:42:14Z DEBUG step duration: pki-tomcatd __dogtag10_migration 1.94 sec 2024-11-18T08:42:14Z DEBUG [15/29]: starting certificate server instance 2024-11-18T08:42:14Z DEBUG Starting external process 2024-11-18T08:42:14Z DEBUG args=['/bin/systemctl', 'start', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:42:26Z DEBUG Process finished, return code=0 2024-11-18T08:42:26Z DEBUG stdout= 2024-11-18T08:42:26Z DEBUG stderr= 2024-11-18T08:42:26Z DEBUG Starting external process 2024-11-18T08:42:26Z DEBUG args=['/bin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:42:26Z DEBUG Process finished, return code=0 2024-11-18T08:42:26Z DEBUG stdout=active 2024-11-18T08:42:26Z DEBUG stderr= 2024-11-18T08:42:26Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 120 2024-11-18T08:42:26Z DEBUG waiting for port: 8080 2024-11-18T08:42:26Z DEBUG SUCCESS: port: 8080 2024-11-18T08:42:26Z DEBUG waiting for port: 8443 2024-11-18T08:42:26Z DEBUG SUCCESS: port: 8443 2024-11-18T08:42:26Z DEBUG Start of pki-tomcatd@pki-tomcat.service complete 2024-11-18T08:42:26Z DEBUG step duration: pki-tomcatd start_instance 12.53 sec 2024-11-18T08:42:26Z DEBUG [16/29]: configure certmonger for renewals 2024-11-18T08:42:26Z DEBUG Starting external process 2024-11-18T08:42:26Z DEBUG args=['/bin/systemctl', 'enable', 'certmonger.service'] 2024-11-18T08:42:27Z DEBUG Process finished, return code=0 2024-11-18T08:42:27Z DEBUG stdout= 2024-11-18T08:42:27Z DEBUG stderr=Created symlink /etc/systemd/system/multi-user.target.wants/certmonger.service → /usr/lib/systemd/system/certmonger.service. 2024-11-18T08:42:27Z DEBUG Starting external process 2024-11-18T08:42:27Z DEBUG args=['/bin/systemctl', 'is-active', 'dbus.service'] 2024-11-18T08:42:27Z DEBUG Process finished, return code=0 2024-11-18T08:42:27Z DEBUG stdout=active 2024-11-18T08:42:27Z DEBUG stderr= 2024-11-18T08:42:27Z DEBUG Starting external process 2024-11-18T08:42:27Z DEBUG args=['/bin/systemctl', 'start', 'certmonger.service'] 2024-11-18T08:42:27Z DEBUG Process finished, return code=0 2024-11-18T08:42:27Z DEBUG stdout= 2024-11-18T08:42:27Z DEBUG stderr= 2024-11-18T08:42:27Z DEBUG Starting external process 2024-11-18T08:42:27Z DEBUG args=['/bin/systemctl', 'is-active', 'certmonger.service'] 2024-11-18T08:42:27Z DEBUG Process finished, return code=0 2024-11-18T08:42:27Z DEBUG stdout=active 2024-11-18T08:42:27Z DEBUG stderr= 2024-11-18T08:42:27Z DEBUG Start of certmonger.service complete 2024-11-18T08:42:27Z DEBUG step duration: pki-tomcatd configure_certmonger_renewal_helpers 0.84 sec 2024-11-18T08:42:27Z DEBUG [17/29]: requesting RA certificate from CA 2024-11-18T08:42:27Z DEBUG Response is not valid JSON, try XML 2024-11-18T08:42:27Z DEBUG Starting external process 2024-11-18T08:42:27Z DEBUG args=['/usr/bin/openssl', 'pkcs7', '-inform', 'DER', '-print_certs', '-out', '/var/lib/ipa/tmp1o57s7gg'] 2024-11-18T08:42:27Z DEBUG Process finished, return code=0 2024-11-18T08:42:27Z DEBUG stdout= 2024-11-18T08:42:27Z DEBUG stderr= 2024-11-18T08:42:27Z DEBUG Starting external process 2024-11-18T08:42:27Z DEBUG args=['/usr/bin/openssl', 'pkcs12', '-nokeys', '-clcerts', '-in', '/root/ca-agent.p12', '-out', '/var/lib/ipa/tmpson3_221', '-passin', 'file:/tmp/tmpswdxid5q'] 2024-11-18T08:42:28Z DEBUG Process finished, return code=0 2024-11-18T08:42:28Z DEBUG stdout= 2024-11-18T08:42:28Z DEBUG stderr= 2024-11-18T08:42:28Z DEBUG Starting external process 2024-11-18T08:42:28Z DEBUG args=['/usr/bin/openssl', 'pkcs12', '-nocerts', '-in', '/root/ca-agent.p12', '-out', '/var/lib/ipa/tmpv5huf7dd', '-passin', 'file:/tmp/tmpiymsqu4w', '-nodes'] 2024-11-18T08:42:28Z DEBUG Process finished, return code=0 2024-11-18T08:42:28Z DEBUG stdout= 2024-11-18T08:42:28Z DEBUG stderr= 2024-11-18T08:42:29Z DEBUG certmonger request is in state 'GENERATING_KEY_PAIR' 2024-11-18T08:42:29Z DEBUG certmonger request is in state 'SUBMITTING' 2024-11-18T08:42:31Z DEBUG certmonger request is in state 'PRE_SAVE_CERT' 2024-11-18T08:42:32Z DEBUG certmonger request is in state 'POST_SAVED_CERT' 2024-11-18T08:42:34Z DEBUG certmonger request is in state 'MONITORING' 2024-11-18T08:42:34Z DEBUG Cert request 20241118084228 was successful 2024-11-18T08:42:34Z DEBUG Starting external process 2024-11-18T08:42:34Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:34Z DEBUG Process finished, return code=0 2024-11-18T08:42:34Z DEBUG stdout= 2024-11-18T08:42:34Z DEBUG stderr= 2024-11-18T08:42:34Z DEBUG Starting external process 2024-11-18T08:42:34Z DEBUG args=['/sbin/restorecon', '/var/lib/ipa/ra-agent.pem'] 2024-11-18T08:42:34Z DEBUG Process finished, return code=0 2024-11-18T08:42:34Z DEBUG stdout= 2024-11-18T08:42:34Z DEBUG stderr= 2024-11-18T08:42:34Z DEBUG Starting external process 2024-11-18T08:42:34Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:34Z DEBUG Process finished, return code=0 2024-11-18T08:42:34Z DEBUG stdout= 2024-11-18T08:42:34Z DEBUG stderr= 2024-11-18T08:42:34Z DEBUG Starting external process 2024-11-18T08:42:34Z DEBUG args=['/sbin/restorecon', '/var/lib/ipa/ra-agent.key'] 2024-11-18T08:42:34Z DEBUG Process finished, return code=0 2024-11-18T08:42:34Z DEBUG stdout= 2024-11-18T08:42:34Z DEBUG stderr= 2024-11-18T08:42:34Z DEBUG step duration: pki-tomcatd __request_ra_certificate 7.29 sec 2024-11-18T08:42:34Z DEBUG [18/29]: publishing the CA certificate 2024-11-18T08:42:34Z DEBUG Response is not valid JSON, try XML 2024-11-18T08:42:34Z DEBUG step duration: pki-tomcatd __export_ca_chain 0.04 sec 2024-11-18T08:42:34Z DEBUG [19/29]: adding RA agent as a trusted user 2024-11-18T08:42:34Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Certificate Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember 2024-11-18T08:42:34Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Registration Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember 2024-11-18T08:42:34Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Security Domain Administrators,ou=groups,o=ipaca member_attr=uniqueMember 2024-11-18T08:42:34Z DEBUG step duration: pki-tomcatd __create_ca_agent 0.02 sec 2024-11-18T08:42:34Z DEBUG [20/29]: configure certificate renewals 2024-11-18T08:42:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:35Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:35Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:36Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:37Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:38Z DEBUG step duration: pki-tomcatd configure_renewal 3.99 sec 2024-11-18T08:42:38Z DEBUG [21/29]: Configure HTTP to proxy connections 2024-11-18T08:42:38Z DEBUG step duration: pki-tomcatd http_proxy 0.00 sec 2024-11-18T08:42:38Z DEBUG [22/29]: updating IPA configuration 2024-11-18T08:42:38Z DEBUG step duration: pki-tomcatd update_ipa_conf 0.00 sec 2024-11-18T08:42:38Z DEBUG [23/29]: enabling CA instance 2024-11-18T08:42:38Z DEBUG Starting external process 2024-11-18T08:42:38Z DEBUG args=['/bin/systemctl', 'unmask', 'pki-tomcatd.target'] 2024-11-18T08:42:39Z DEBUG Process finished, return code=0 2024-11-18T08:42:39Z DEBUG stdout= 2024-11-18T08:42:39Z DEBUG stderr= 2024-11-18T08:42:39Z DEBUG Starting external process 2024-11-18T08:42:39Z DEBUG args=['/bin/systemctl', 'disable', 'pki-tomcatd.target'] 2024-11-18T08:42:39Z DEBUG Process finished, return code=0 2024-11-18T08:42:39Z DEBUG stdout= 2024-11-18T08:42:39Z DEBUG stderr= 2024-11-18T08:42:39Z DEBUG step duration: pki-tomcatd __enable_instance 0.66 sec 2024-11-18T08:42:39Z DEBUG [24/29]: importing IPA certificate profiles 2024-11-18T08:42:39Z DEBUG Discovery: no 'CA' service found. 2024-11-18T08:42:39Z DEBUG request GET https://devbo01.datalab.novalocal:443/ca/rest/account/login 2024-11-18T08:42:39Z DEBUG request body '' 2024-11-18T08:42:39Z DEBUG httplib request failed: Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/ipapython/dogtag.py", line 271, in _httplib_request conn.request(method, path, body=request_body, headers=headers) File "/usr/lib64/python3.6/http/client.py", line 1273, in request self._send_request(method, url, body, headers, encode_chunked) File "/usr/lib64/python3.6/http/client.py", line 1319, in _send_request self.endheaders(body, encode_chunked=encode_chunked) File "/usr/lib64/python3.6/http/client.py", line 1268, in endheaders self._send_output(message_body, encode_chunked=encode_chunked) File "/usr/lib64/python3.6/http/client.py", line 1044, in _send_output self.send(msg) File "/usr/lib64/python3.6/http/client.py", line 982, in send self.connect() File "/usr/lib64/python3.6/http/client.py", line 1433, in connect super().connect() File "/usr/lib64/python3.6/http/client.py", line 954, in connect (self.host,self.port), self.timeout, self.source_address) File "/usr/lib64/python3.6/socket.py", line 724, in create_connection raise err File "/usr/lib64/python3.6/socket.py", line 713, in create_connection sock.connect(sa) ConnectionRefusedError: [Errno 111] Connection refused 2024-11-18T08:42:39Z DEBUG Overriding CA port: cannot connect to 'https://devbo01.datalab.novalocal:443/ca/rest/account/login': [Errno 111] Connection refused 2024-11-18T08:42:39Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:39Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:39Z DEBUG Trying to find certificate subject base in sysupgrade 2024-11-18T08:42:39Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:42:39Z DEBUG Found certificate subject base in sysupgrade: O=DATALAB.NOVALOCAL 2024-11-18T08:42:39Z DEBUG Discovery: no 'CA' service found. 2024-11-18T08:42:39Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/login 2024-11-18T08:42:39Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 200 2024-11-18T08:42:40Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=C00956AD1A706F9D54FFB61F8B928441; Path=/ca; Secure; HttpOnly Content-Type: application/xml;charset=UTF-8 Content-Length: 261 Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'iparaCertificate Manager AgentsRegistration Manager AgentsSecurity Domain Administrators' 2024-11-18T08:42:40Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/raw 2024-11-18T08:42:40Z DEBUG request body 'profileId=IECUserRoles\nclassId=caEnrollImpl\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=DATALAB.NOVALOCAL\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\n' 2024-11-18T08:42:40Z DEBUG response status 201 2024-11-18T08:42:40Z DEBUG response headers Location: https://devbo01.datalab.novalocal:8443/ca/rest/profiles/raw Content-Type: application/json Content-Length: 7359 Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'#Mon Nov 18 09:42:40 CET 2024\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=DATALAB.NOVALOCAL\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\n' 2024-11-18T08:42:40Z DEBUG Profile 'IECUserRoles' successfully migrated to LDAP 2024-11-18T08:42:40Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/IECUserRoles?action=enable 2024-11-18T08:42:40Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 204 2024-11-18T08:42:40Z DEBUG response headers Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'' 2024-11-18T08:42:40Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/logout 2024-11-18T08:42:40Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 204 2024-11-18T08:42:40Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=A482A6848E8EF7F31FF21A88C1C5933B; Path=/ca; Secure; HttpOnly Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'' 2024-11-18T08:42:40Z DEBUG Imported profile 'IECUserRoles' 2024-11-18T08:42:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:40Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:40Z DEBUG Trying to find certificate subject base in sysupgrade 2024-11-18T08:42:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:42:40Z DEBUG Found certificate subject base in sysupgrade: O=DATALAB.NOVALOCAL 2024-11-18T08:42:40Z DEBUG Discovery: no 'CA' service found. 2024-11-18T08:42:40Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/login 2024-11-18T08:42:40Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 200 2024-11-18T08:42:40Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=CB04DC9AA6F67DD7E5F85C0737D951C7; Path=/ca; Secure; HttpOnly Content-Type: application/xml;charset=UTF-8 Content-Length: 261 Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'iparaCertificate Manager AgentsRegistration Manager AgentsSecurity Domain Administrators' 2024-11-18T08:42:40Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/raw 2024-11-18T08:42:40Z DEBUG request body 'profileId=KDCs_PKINIT_Certs\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=DATALAB.NOVALOCAL\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.2.3.5\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=commonNameToSANDefaultImpl\npolicyset.serverCertSet.12.default.name=Copy Common Name to Subject Alternative Name\n' 2024-11-18T08:42:40Z DEBUG response status 201 2024-11-18T08:42:40Z DEBUG response headers Location: https://devbo01.datalab.novalocal:8443/ca/rest/profiles/raw Content-Type: application/json Content-Length: 7285 Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'#Mon Nov 18 09:42:40 CET 2024\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.2.3.5\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=DATALAB.NOVALOCAL\npolicyset.serverCertSet.12.default.class_id=commonNameToSANDefaultImpl\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.12.default.name=Copy Common Name to Subject Alternative Name\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\n' 2024-11-18T08:42:40Z DEBUG Profile 'KDCs_PKINIT_Certs' successfully migrated to LDAP 2024-11-18T08:42:40Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/KDCs_PKINIT_Certs?action=enable 2024-11-18T08:42:40Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 204 2024-11-18T08:42:40Z DEBUG response headers Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'' 2024-11-18T08:42:40Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/logout 2024-11-18T08:42:40Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 204 2024-11-18T08:42:40Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=0DB62E3ED0363BC78DD54D0615DB61EB; Path=/ca; Secure; HttpOnly Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'' 2024-11-18T08:42:40Z DEBUG Imported profile 'KDCs_PKINIT_Certs' 2024-11-18T08:42:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:40Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:40Z DEBUG Trying to find certificate subject base in sysupgrade 2024-11-18T08:42:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:42:40Z DEBUG Found certificate subject base in sysupgrade: O=DATALAB.NOVALOCAL 2024-11-18T08:42:40Z DEBUG Discovery: no 'CA' service found. 2024-11-18T08:42:40Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/login 2024-11-18T08:42:40Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 200 2024-11-18T08:42:40Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=57C788386F256AD9F077992EEDB944C8; Path=/ca; Secure; HttpOnly Content-Type: application/xml;charset=UTF-8 Content-Length: 261 Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'iparaCertificate Manager AgentsRegistration Manager AgentsSecurity Domain Administrators' 2024-11-18T08:42:40Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/raw 2024-11-18T08:42:40Z DEBUG request body 'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=DATALAB.NOVALOCAL\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=commonNameToSANDefaultImpl\npolicyset.serverCertSet.12.default.name=Copy Common Name to Subject Alternative Name\n' 2024-11-18T08:42:40Z DEBUG response status 409 2024-11-18T08:42:40Z DEBUG response headers Content-Type: application/json Content-Length: 173 Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Unable to create profile: Profile already exists"}' 2024-11-18T08:42:40Z DEBUG Error migrating 'caIPAserviceCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Unable to create profile: Profile already exists 2024-11-18T08:42:40Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/caIPAserviceCert?action=disable 2024-11-18T08:42:40Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 204 2024-11-18T08:42:40Z DEBUG response headers Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'' 2024-11-18T08:42:40Z DEBUG request PUT https://devbo01.datalab.novalocal:8443/ca/rest/profiles/caIPAserviceCert/raw 2024-11-18T08:42:40Z DEBUG request body 'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=DATALAB.NOVALOCAL\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=commonNameToSANDefaultImpl\npolicyset.serverCertSet.12.default.name=Copy Common Name to Subject Alternative Name\n' 2024-11-18T08:42:41Z DEBUG response status 200 2024-11-18T08:42:41Z DEBUG response headers Cache-Control: private Content-Type: application/json Content-Length: 7319 Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'#Mon Nov 18 09:42:40 CET 2024\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=DATALAB.NOVALOCAL\npolicyset.serverCertSet.12.default.class_id=commonNameToSANDefaultImpl\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.12.default.name=Copy Common Name to Subject Alternative Name\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\n' 2024-11-18T08:42:41Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/caIPAserviceCert?action=enable 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 204 2024-11-18T08:42:41Z DEBUG response headers Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'' 2024-11-18T08:42:41Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/logout 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 204 2024-11-18T08:42:41Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=CF535BFF0A2B363F86441BF6B7FA4B6D; Path=/ca; Secure; HttpOnly Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'' 2024-11-18T08:42:41Z DEBUG Imported profile 'caIPAserviceCert' 2024-11-18T08:42:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:41Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:41Z DEBUG Trying to find certificate subject base in sysupgrade 2024-11-18T08:42:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:42:41Z DEBUG Found certificate subject base in sysupgrade: O=DATALAB.NOVALOCAL 2024-11-18T08:42:41Z DEBUG Discovery: no 'CA' service found. 2024-11-18T08:42:41Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/login 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 200 2024-11-18T08:42:41Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=B3D1B05B7128629F0312E9FAC2C8D8E4; Path=/ca; Secure; HttpOnly Content-Type: application/xml;charset=UTF-8 Content-Length: 261 Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'iparaCertificate Manager AgentsRegistration Manager AgentsSecurity Domain Administrators' 2024-11-18T08:42:41Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/raw 2024-11-18T08:42:41Z DEBUG request body 'profileId=acmeIPAServerCert\nclassId=caEnrollImpl\ndesc=ACME profile for use in IPA deployments\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=SessionAuthentication\nauthz.acl=group="Enterprise ACME Administrators"\nname=IPA ACME Service Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.1.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.1.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.1.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.1.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.1.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.1.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.1.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.1.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.1.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.1.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.1.default.name=Key Usage Default\npolicyset.serverCertSet.1.default.params.keyUsageCritical=true\npolicyset.serverCertSet.1.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.1.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.1.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.1.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.1.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.1.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.1.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.1.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.1.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.2.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.2.constraint.name=No Constraint\npolicyset.serverCertSet.2.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.2.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.2.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.2.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.3.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.3.constraint.name=No Constraint\npolicyset.serverCertSet.3.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.3.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.3.default.params.critical=false\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.6.default.name=User supplied extension in CSR\npolicyset.serverCertSet.6.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.7.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.7.constraint.name=Validity Constraint\npolicyset.serverCertSet.7.constraint.params.range=90\npolicyset.serverCertSet.7.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.7.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.7.default.name=Validity Default\npolicyset.serverCertSet.7.default.params.range=90\npolicyset.serverCertSet.7.default.params.startTime=0\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=sanToCNDefaultImpl\npolicyset.serverCertSet.9.default.name=SAN to CN Default\npolicyset.serverCertSet.10.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.10.constraint.name=Key Constraint\npolicyset.serverCertSet.10.constraint.params.keyType=RSA\npolicyset.serverCertSet.10.constraint.params.keyParameters=2048,3072,4096,8192\npolicyset.serverCertSet.10.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.10.default.name=Key Default\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.11.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.11.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.11.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.11.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.11.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.11.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.11.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.11.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.11.default.params.crlDistPointsReasons_0=\n' 2024-11-18T08:42:41Z DEBUG response status 201 2024-11-18T08:42:41Z DEBUG response headers Location: https://devbo01.datalab.novalocal:8443/ca/rest/profiles/raw Content-Type: application/json Content-Length: 6740 Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'#Mon Nov 18 09:42:41 CET 2024\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=SessionAuthentication\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.1.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=SAN to CN Default\npolicyset.serverCertSet.6.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.params.crlDistPointsPointType_0=URIName\nauthz.acl=group="Enterprise ACME Administrators"\npolicyset.serverCertSet.11.default.params.crlDistPointsNum=1\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.1.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.11.default.name=CRL Distribution Points Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.11.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.3.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.7.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.1.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.1.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.2.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.1.constraint.params.keyUsageCritical=true\nvisible=true\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.default.name=Key Default\ndesc=ACME profile for use in IPA deployments\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.1.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.1.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.2.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.2.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.6.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.10.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.1.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.11.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.7.default.class_id=validityDefaultImpl\nenable=true\npolicyset.serverCertSet.10.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.1.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.10.constraint.params.keyType=RSA\npolicyset.serverCertSet.7.default.params.range=90\npolicyset.serverCertSet.7.default.name=Validity Default\npolicyset.serverCertSet.10.constraint.params.keyParameters=2048,3072,4096,8192\npolicyset.serverCertSet.1.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.1.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.7.constraint.params.notAfterCheck=false\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=Validity Constraint\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.2.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.1.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.7.constraint.params.range=90\nname=IPA ACME Service Certificate Enrollment\npolicyset.serverCertSet.1.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.3.default.params.critical=false\npolicyset.serverCertSet.11.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.11.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.2.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.6.default.name=User supplied extension in CSR\npolicyset.serverCertSet.1.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.1.default.params.keyUsageCritical=true\npolicyset.serverCertSet.9.default.class_id=sanToCNDefaultImpl\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.3.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.7.constraint.class_id=validityConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.1.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.1.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.3.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.default.params.startTime=0\npolicyset.serverCertSet.1.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=Key Constraint\npolicyset.serverCertSet.1.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\npolicyset.serverCertSet.6.default.params.userExtOID=2.5.29.17\n' 2024-11-18T08:42:41Z DEBUG Profile 'acmeIPAServerCert' successfully migrated to LDAP 2024-11-18T08:42:41Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/acmeIPAServerCert?action=enable 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 204 2024-11-18T08:42:41Z DEBUG response headers Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'' 2024-11-18T08:42:41Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/logout 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 204 2024-11-18T08:42:41Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=B9C1C603C106C6E3DAD03FD64F537078; Path=/ca; Secure; HttpOnly Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'' 2024-11-18T08:42:41Z DEBUG Imported profile 'acmeIPAServerCert' 2024-11-18T08:42:41Z DEBUG step duration: pki-tomcatd import_included_profiles 1.76 sec 2024-11-18T08:42:41Z DEBUG [25/29]: migrating certificate profiles to LDAP 2024-11-18T08:42:41Z DEBUG Profile 'acmeServerCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCserverCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCECserverCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCECsubsystemCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCsubsystemCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCauditSigningCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCcaCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCocspCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCkraTransportCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCkraStorageCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caServerKeygen_UserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caServerKeygen_DirUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECUserCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caUserSMIMEcapCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caDualCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caDirBasedDualCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'AdminCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'ECAdminCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caSignedLogCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTPSCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caRARouterCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caRouterCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caServerCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECServerCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caServerCertWithSCT' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECServerCertWithSCT' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caSubsystemCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECSubsystemCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caOtherCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCACert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCcaCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCrossSignedCACert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caInstallCACert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caRACert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caOCSPCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caStorageCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTransportCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caDirPinUserCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECDirPinUserCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caDirUserCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECDirUserCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caAgentServerCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECAgentServerCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caAgentFileSigning' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCECUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCcaIssuanceProtectionCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caFullCMCUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECFullCMCUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caFullCMCUserSignedCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECFullCMCUserSignedCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caFullCMCSharedTokenCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECFullCMCSharedTokenCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caSimpleCMCUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECSimpleCMCUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenDeviceKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenUserEncryptionKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenUserSigningKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTempTokenDeviceKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTempTokenUserEncryptionKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTempTokenUserSigningKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caAdminCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECAdminCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caInternalAuthServerCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECInternalAuthServerCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caInternalAuthTransportCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caInternalAuthDRMstorageCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caInternalAuthSubsystemCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECInternalAuthSubsystemCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caInternalAuthOCSPCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caInternalAuthAuditSigningCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'DomainController' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caDualRAuserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caRAagentCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caRAserverCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caUUIDdeviceCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caSSLClientSelfRenewal' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caDirUserRenewal' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caManualRenewal' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenMSLoginEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenUserSigningKeyRenewal' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenUserEncryptionKeyRenewal' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenUserAuthKeyRenewal' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caJarSigningCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caIPAserviceCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caAuditSigningCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caEncUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caSigningUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenUserDelegateAuthKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenUserDelegateSigningKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG step duration: pki-tomcatd migrate_profiles_to_ldap 0.03 sec 2024-11-18T08:42:41Z DEBUG [26/29]: adding default CA ACL 2024-11-18T08:42:41Z DEBUG raw: caacl_find(None, version='2.251') 2024-11-18T08:42:41Z DEBUG caacl_find(None, all=False, raw=False, version='2.251', no_members=True, pkey_only=False) 2024-11-18T08:42:41Z DEBUG raw: caacl_add('hosts_services_caIPAserviceCert', hostcategory='all', servicecategory='all', version='2.251') 2024-11-18T08:42:41Z DEBUG caacl_add('hosts_services_caIPAserviceCert', hostcategory='all', servicecategory='all', all=False, raw=False, version='2.251', no_members=False) 2024-11-18T08:42:41Z DEBUG raw: caacl_add_profile('hosts_services_caIPAserviceCert', version='2.251', certprofile=('caIPAserviceCert',)) 2024-11-18T08:42:41Z DEBUG caacl_add_profile('hosts_services_caIPAserviceCert', all=False, raw=False, version='2.251', no_members=False, certprofile=('caIPAserviceCert',)) 2024-11-18T08:42:41Z DEBUG add_entry_to_group: dn=cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=datalab,dc=novalocal group_dn=ipaUniqueID=12a09696-a589-11ef-9022-fa163e16e082,cn=caacls,cn=ca,dc=datalab,dc=novalocal member_attr=ipamembercertprofile 2024-11-18T08:42:41Z DEBUG step duration: pki-tomcatd ensure_default_caacl 0.05 sec 2024-11-18T08:42:41Z DEBUG [27/29]: adding 'ipa' CA entry 2024-11-18T08:42:41Z DEBUG Discovery: no 'CA' service found. 2024-11-18T08:42:41Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/login 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 200 2024-11-18T08:42:41Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=65F573848CB2995294BCDCE4059D2490; Path=/ca; Secure; HttpOnly Content-Type: application/xml;charset=UTF-8 Content-Length: 261 Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'iparaCertificate Manager AgentsRegistration Manager AgentsSecurity Domain Administrators' 2024-11-18T08:42:41Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/authorities/host-authority 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 200 2024-11-18T08:42:41Z DEBUG response headers Cache-Control: private Content-Type: application/json Content-Length: 276 Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'{"isHostAuthority":true,"id":"785f6a52-0ff0-4fd7-ad60-c9f9cfbc89df","parentID":null,"issuerDN":"CN=Certificate Authority,O=DATALAB.NOVALOCAL","serial":1,"dn":"CN=Certificate Authority,O=DATALAB.NOVALOCAL","enabled":true,"description":"Host authority","ready":true,"link":null}' 2024-11-18T08:42:41Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/logout 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 204 2024-11-18T08:42:41Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=E52875FB2B5AC8A4FA1943C2B56BA161; Path=/ca; Secure; HttpOnly Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'' 2024-11-18T08:42:41Z DEBUG step duration: pki-tomcatd ensure_ipa_authority_entry 0.21 sec 2024-11-18T08:42:41Z DEBUG [28/29]: configuring certmonger renewal for lightweight CAs 2024-11-18T08:42:41Z DEBUG step duration: pki-tomcatd add_lightweight_ca_tracking_requests 0.00 sec 2024-11-18T08:42:41Z DEBUG [29/29]: deploying ACME service 2024-11-18T08:42:41Z DEBUG Deploying ACME 2024-11-18T08:42:41Z DEBUG Starting external process 2024-11-18T08:42:41Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/pki/acme/database/ds/schema.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:42:41Z DEBUG Process finished, return code=0 2024-11-18T08:42:41Z DEBUG stdout=add attributeTypes: ( acmeCreated-oid NAME 'acmeCreated' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE-VALUE ) ( acmeExpires-oid NAME 'acmeExpires' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE-VALUE ) ( acmeValidatedAt-oid NAME 'acmeValidatedAt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE-VALUE ) ( acmeStatus-oid NAME 'acmeStatus' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SINGLE-VALUE ) ( acmeError-oid NAME 'acmeError' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) ( acmeNonceId-oid NAME 'acmeNonceId' SUP name SINGLE-VALUE ) ( acmeAccountId-oid NAME 'acmeAccountId' SUP name SINGLE-VALUE ) ( acmeAccountContact-oid NAME 'acmeAccountContact' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch ) ( acmeAccountKey-oid NAME 'acmeAccountKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) ( acmeOrderId-oid NAME 'acmeOrderId' SUP name SINGLE-VALUE ) ( acmeIdentifier-oid NAME 'acmeIdentifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch ) ( acmeAuthorizationId-oid NAME 'acmeAuthorizationId' SUP name ) ( acmeAuthorizationWildcard-oid NAME 'acmeAuthorizationWildcard' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 EQUALITY booleanMatch SINGLE-VALUE ) ( acmeChallengeId-oid NAME 'acmeChallengeId' SUP name SINGLE-VALUE ) ( acmeToken-oid NAME 'acmeToken' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) ( acmeCertificateId-oid NAME 'acmeCertificateId' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseExactMatch SINGLE-VALUE ) ( acmeEnabled-oid NAME 'acmeEnabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 EQUALITY booleanMatch SINGLE-VALUE ) add objectClasses: ( acmeNonce-oid NAME 'acmeNonce' STRUCTURAL MUST ( acmeNonceId $ acmeCreated $ acmeExpires ) ) ( acmeAccount-oid NAME 'acmeAccount' STRUCTURAL MUST ( acmeAccountId $ acmeCreated $ acmeAccountKey $ acmeStatus ) MAY acmeAccountContact ) ( acmeOrder-oid NAME 'acmeOrder' STRUCTURAL MUST ( acmeOrderId $ acmeAccountId $ acmeCreated $ acmeStatus $ acmeIdentifier $ acmeAuthorizationId ) MAY ( acmeError $ acmeCertificateId $ acmeExpires ) ) ( acmeAuthorization-oid NAME 'acmeAuthorization' STRUCTURAL MUST ( acmeAuthorizationId $ acmeAccountId $ acmeCreated $ acmeIdentifier $ acmeAuthorizationWildcard $ acmeStatus ) MAY acmeExpires ) ( acmeChallenge-oid NAME 'acmeChallenge' ABSTRACT MUST ( acmeChallengeId $ acmeAccountId $ acmeAuthorizationId $ acmeStatus ) MAY ( acmeValidatedAt $ acmeError ) ) ( acmeChallengeDns01-oid NAME 'acmeChallengeDns01' SUP acmeChallenge STRUCTURAL MUST acmeToken ) ( acmeChallengeHttp01-oid NAME 'acmeChallengeHttp01' SUP acmeChallenge STRUCTURAL MUST acmeToken ) ( acmeCertificate-oid NAME 'acmeCertificate' STRUCTURAL MUST ( acmeCertificateId $ acmeCreated $ userCertificate ) MAY acmeExpires ) modifying entry "cn=schema" modify complete 2024-11-18T08:42:41Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:42:41Z DEBUG update_entry modlist [(0, 'resourceACLS', [b'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations'])] 2024-11-18T08:42:42Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Enterprise ACME Administrators,ou=groups,o=ipaca member_attr=uniqueMember 2024-11-18T08:42:42Z DEBUG Starting external process 2024-11-18T08:42:42Z DEBUG args=['pki-server', 'acme-create'] 2024-11-18T08:42:42Z DEBUG Process finished, return code=0 2024-11-18T08:42:42Z DEBUG stdout= 2024-11-18T08:42:42Z DEBUG stderr= 2024-11-18T08:42:42Z DEBUG Starting external process 2024-11-18T08:42:42Z DEBUG args=['pki-server', 'acme-deploy'] 2024-11-18T08:42:42Z DEBUG Process finished, return code=0 2024-11-18T08:42:42Z DEBUG stdout= 2024-11-18T08:42:42Z DEBUG stderr= 2024-11-18T08:42:42Z DEBUG step duration: pki-tomcatd setup_acme 1.29 sec 2024-11-18T08:42:42Z DEBUG Done configuring certificate server (pki-tomcatd). 2024-11-18T08:42:42Z DEBUG service duration: pki-tomcatd 154.12 sec 2024-11-18T08:42:42Z DEBUG Removing /root/.dogtag/pki-tomcat/ca 2024-11-18T08:42:42Z DEBUG Configuring directory server (dirsrv) 2024-11-18T08:42:42Z DEBUG [1/3]: configuring TLS for DS instance 2024-11-18T08:42:42Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:42Z DEBUG Starting external process 2024-11-18T08:42:42Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-L', '-n', 'DATALAB.NOVALOCAL IPA CA', '-a', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:42Z DEBUG Process finished, return code=255 2024-11-18T08:42:42Z DEBUG stdout= 2024-11-18T08:42:42Z DEBUG stderr=certutil: Could not find cert: DATALAB.NOVALOCAL IPA CA : PR_FILE_NOT_FOUND_ERROR: File not found 2024-11-18T08:42:42Z DEBUG Starting external process 2024-11-18T08:42:42Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-N', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt', '-@', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/cert9.db'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/key4.db'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pkcs11.txt'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-A', '-n', 'DATALAB.NOVALOCAL IPA CA', '-t', 'CT,C,C', '-a', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:44Z DEBUG certmonger request is in state 'NEWLY_ADDED_READING_KEYINFO' 2024-11-18T08:42:45Z DEBUG certmonger request is in state 'GENERATING_KEY_PAIR' 2024-11-18T08:42:45Z DEBUG certmonger request is in state 'READING_KEYINFO' 2024-11-18T08:42:46Z DEBUG certmonger request is in state 'GENERATING_CSR' 2024-11-18T08:42:46Z DEBUG certmonger request is in state 'SAVING_CERT' 2024-11-18T08:42:47Z DEBUG certmonger request is in state 'POST_SAVED_CERT' 2024-11-18T08:42:53Z DEBUG certmonger request is in state 'MONITORING' 2024-11-18T08:42:53Z DEBUG Cert request 20241118084243 was successful 2024-11-18T08:42:53Z DEBUG Destroyed connection context.ldap2_139840959388752 2024-11-18T08:42:53Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:42:53Z DEBUG Starting external process 2024-11-18T08:42:53Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-L', '-n', 'Server-Cert', '-a', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:53Z DEBUG Process finished, return code=0 2024-11-18T08:42:53Z DEBUG stdout=-----BEGIN CERTIFICATE----- MIIFazCCA9OgAwIBAgIBCDANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRB TEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X DTI0MTExODA4NDI0NloXDTI2MTExOTA4NDI0NlowQDEaMBgGA1UECgwRREFUQUxB Qi5OT1ZBTE9DQUwxIjAgBgNVBAMMGWRldmJvMDEuZGF0YWxhYi5ub3ZhbG9jYWww ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHlh3slc3iZ/3Wji+SZbSz CCYRFb1PuoEhmgBMK3K5joOhRve8FhxtCckFunQXiJAvgRncro/DvmGaAz+mmwBg ASHSe8Uv6rALRsYrKHFtayJr2YPQbaNDYwtzHEco0yW3gHziSF9n1+1UwKPomAVY 3euG6YhLLLSM9QD8Kbx98m8jVL8rSZxPTMYp75byN02j8Y9Rng+qbH38r3+i8YYZ xrQdQj2eOLYY9Kb/cyGWqSwYmwcbpUyTi3kyO6Cau/UuQWQ80m68Q9It6V1QDuBP r48GrcoFYkmsc3orrRQ7qa9MgrrsVUziKvvNssm/pjDchZ2lTz4kGHOZOoxhjtbr AgMBAAGjggHyMIIB7jAfBgNVHSMEGDAWgBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBD BggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxh Yi5ub3ZhbG9jYWwvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYI KwYBBQUHAwEGCCsGAQUFBwMCMHwGA1UdHwR1MHMwcaA5oDeGNWh0dHA6Ly9pcGEt Y2EuZGF0YWxhYi5ub3ZhbG9jYWwvaXBhL2NybC9NYXN0ZXJDUkwuYmluojSkMjAw MQ4wDAYDVQQKDAVpcGFjYTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5 MB0GA1UdDgQWBBS+XyteDWt02c+vxXObRULT3qgjKjCBuQYDVR0RBIGxMIGughlk ZXZibzAxLmRhdGFsYWIubm92YWxvY2FsoEAGCisGAQQBgjcUAgOgMgwwbGRhcC9k ZXZibzAxLmRhdGFsYWIubm92YWxvY2FsQERBVEFMQUIuTk9WQUxPQ0FMoE8GBisG AQUCAqBFMEOgExsRREFUQUxBQi5OT1ZBTE9DQUyhLDAqoAMCAQGhIzAhGwRsZGFw GxlkZXZibzAxLmRhdGFsYWIubm92YWxvY2FsMA0GCSqGSIb3DQEBCwUAA4IBgQBW OSXegIWz2sf0FWiYgunI+uoOqFWSPfsynfF+ZJl80CQLAcIDkHzQSFey4IOqqMcL 0rDN9qFxSCsF4D4dYykGh11deWU+vdRGrAzfXdbMSD7vU93jgYYRZj72KQkHgql6 6WaE8bQcN+5h5DCdBdWXdK7JSnd1eCbu9/csBVF+hwndCuixEbNJiFu5OJMhY1ix C/dY3d2gz63QFTyqUDNwdeSrcJGt6lyLtv/dpL8A957rwmPZyYxHa27JPyMe4OiU QAKNTrQn+5gi3Gc5ZhCsZdxYBqpoTuvbV3qfl8BsQohb87ggnZbo1BlWymQb6F2C tm/8BxnbsGuuQpdHcDnGZZYLpfiDIt9mGkQck3L9Ko8EyLc2fOaxIII5uJD53aLQ 0n1gNylOqfv6XWah2arojb1V+pMduWeOEwcEAgQabnVBkDYgHNZqYpodYWrMR86F WMuJ038SYpgVsc3/M5NCLyYvyDe7yvbf2IwuLafN0zzpSE4pFeQ3JwP/eha2NI4= -----END CERTIFICATE----- 2024-11-18T08:42:53Z DEBUG stderr= 2024-11-18T08:42:53Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:42:53Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:42:53Z DEBUG update_entry modlist [(2, 'userCertificate', [b'0\x82\x05k0\x82\x03\xd3\xa0\x03\x02\x01\x02\x02\x01\x080\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000<1\x1a0\x18\x06\x03U\x04\n\x0c\x11DATALAB.NOVALOCAL1\x1e0\x1c\x06\x03U\x04\x03\x0c\x15Certificate Authority0\x1e\x17\r241118084246Z\x17\r261119084246Z0@1\x1a0\x18\x06\x03U\x04\n\x0c\x11DATALAB.NOVALOCAL1"0 \x06\x03U\x04\x03\x0c\x19devbo01.datalab.novalocal0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xc7\x96\x1d\xec\x95\xcd\xe2g\xfd\xd6\x8e/\x92e\xb4\xb3\x08&\x11\x15\xbdO\xba\x81!\x9a\x00L+r\xb9\x8e\x83\xa1F\xf7\xbc\x16\x1cm\t\xc9\x05\xbat\x17\x88\x90/\x81\x19\xdc\xae\x8f\xc3\xbea\x9a\x03?\xa6\x9b\x00`\x01!\xd2{\xc5/\xea\xb0\x0bF\xc6+(qmk"k\xd9\x83\xd0m\xa3Cc\x0bs\x1cG(\xd3%\xb7\x80|\xe2H_g\xd7\xedT\xc0\xa3\xe8\x98\x05X\xdd\xeb\x86\xe9\x88K,\xb4\x8c\xf5\x00\xfc)\xbc}\xf2o#T\xbf+I\x9cOL\xc6)\xef\x96\xf27M\xa3\xf1\x8fQ\x9e\x0f\xaal}\xfc\xaf\x7f\xa2\xf1\x86\x19\xc6\xb4\x1dB=\x9e8\xb6\x18\xf4\xa6\xffs!\x96\xa9,\x18\x9b\x07\x1b\xa5L\x93\x8by2;\xa0\x9a\xbb\xf5.Ad<\xd2n\xbcC\xd2-\xe9]P\x0e\xe0O\xaf\x8f\x06\xad\xca\x05bI\xacsz+\xad\x14;\xa9\xafL\x82\xba\xecUL\xe2*\xfb\xcd\xb2\xc9\xbf\xa60\xdc\x85\x9d\xa5O>$\x18s\x99:\x8ca\x8e\xd6\xeb\x02\x03\x01\x00\x01\xa3\x82\x01\xf20\x82\x01\xee0\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\xc7\xc2\x9cE:9\xf3\x9a\xf3\xa0-~,-o\xe4\x8b\xab\x9e50C\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x0470503\x06\x08+\x06\x01\x05\x05\x070\x01\x86\'http://ipa-ca.datalab.novalocal/ca/ocsp0\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x04\xf00\x1d\x06\x03U\x1d%\x04\x160\x14\x06\x08+\x06\x01\x05\x05\x07\x03\x01\x06\x08+\x06\x01\x05\x05\x07\x03\x020|\x06\x03U\x1d\x1f\x04u0s0q\xa09\xa07\x865http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\xa24\xa42001\x0e0\x0c\x06\x03U\x04\n\x0c\x05ipaca1\x1e0\x1c\x06\x03U\x04\x03\x0c\x15Certificate Authority0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\xbe_+^\rkt\xd9\xcf\xaf\xc5s\x9bEB\xd3\xde\xa8#*0\x81\xb9\x06\x03U\x1d\x11\x04\x81\xb10\x81\xae\x82\x19devbo01.datalab.novalocal\xa0@\x06\n+\x06\x01\x04\x01\x827\x14\x02\x03\xa02\x0c0ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL\xa0O\x06\x06+\x06\x01\x05\x02\x02\xa0E0C\xa0\x13\x1b\x11DATALAB.NOVALOCAL\xa1,0*\xa0\x03\x02\x01\x01\xa1#0!\x1b\x04ldap\x1b\x19devbo01.datalab.novalocal0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x81\x00V9%\xde\x80\x85\xb3\xda\xc7\xf4\x15h\x98\x82\xe9\xc8\xfa\xea\x0e\xa8U\x92=\xfb2\x9d\xf1~d\x99|\xd0$\x0b\x01\xc2\x03\x90|\xd0HW\xb2\xe0\x83\xaa\xa8\xc7\x0b\xd2\xb0\xcd\xf6\xa1qH+\x05\xe0>\x1dc)\x06\x87]]ye>\xbd\xd4F\xac\x0c\xdf]\xd6\xccH>\xefS\xdd\xe3\x81\x86\x11f>\xf6)\t\x07\x82\xa9z\xe9f\x84\xf1\xb4\x1c7\xeea\xe40\x9d\x05\xd5\x97t\xae\xc9Jwux&\xee\xf7\xf7,\x05Q~\x87\t\xdd\n\xe8\xb1\x11\xb3I\x88[\xb98\x93!cX\xb1\x0b\xf7X\xdd\xdd\xa0\xcf\xad\xd0\x15<\xaaP3pu\xe4\xabp\x91\xad\xea\\\x8b\xb6\xff\xdd\xa4\xbf\x00\xf7\x9e\xeb\xc2c\xd9\xc9\x8cGkn\xc9?#\x1e\xe0\xe8\x94@\x02\x8dN\xb4\'\xfb\x98"\xdcg9f\x10\xace\xdcX\x06\xaahN\xeb\xdbWz\x9f\x97\xc0lB\x88[\xf3\xb8 \x9d\x96\xe8\xd4\x19V\xcad\x1b\xe8]\x82\xb6o\xfc\x07\x19\xdb\xb0k\xaeB\x97Gp9\xc6e\x96\x0b\xa5\xf8\x83"\xdff\x1aD\x1c\x93r\xfd*\x8f\x04\xc8\xb76|\xe6\xb1 \x829\xb8\x90\xf9\xdd\xa2\xd0\xd2}`7)N\xa9\xfb\xfa]f\xa1\xd9\xaa\xe8\x8d\xbdU\xfa\x93\x1d\xb9g\x8e\x13\x07\x04\x02\x04\x1anuA\x906 \x1c\xd6jb\x9a\x1daj\xccG\xce\x85X\xcb\x89\xd3\x7f\x12b\x98\x15\xb1\xcd\xff3\x93B/&/\xc87\xbb\xca\xf6\xdf\xd8\x8c.-\xa7\xcd\xd3<\xe9HN)\x15\xe47\'\x03\xffz\x16\xb64\x8e'])] 2024-11-18T08:42:53Z DEBUG update_entry modlist [(2, 'nsSSL3Ciphers', [b'default']), (2, 'allowWeakCipher', [b'off']), (2, 'nsSSLClientAuth', [b'allowed'])] 2024-11-18T08:42:54Z DEBUG update_entry modlist [(2, 'nsslapd-security', [b'on'])] 2024-11-18T08:42:54Z DEBUG update_entry modlist [(2, 'nsSSLPersonalitySSL', [b'Server-Cert']), (2, 'objectclass', [b'top', b'nsEncryptionModule']), (2, 'cn', [b'RSA']), (2, 'nsSSLToken', [b'internal (software)']), (2, 'nsSSLActivation', [b'on'])] 2024-11-18T08:42:54Z DEBUG step duration: dirsrv __enable_ssl 11.26 sec 2024-11-18T08:42:54Z DEBUG [2/3]: adding CA certificate entry 2024-11-18T08:42:54Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:54Z DEBUG Starting external process 2024-11-18T08:42:54Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-L', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:54Z DEBUG Process finished, return code=0 2024-11-18T08:42:54Z DEBUG stdout= Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI DATALAB.NOVALOCAL IPA CA CT,C,C Server-Cert u,u,u 2024-11-18T08:42:54Z DEBUG stderr= 2024-11-18T08:42:54Z DEBUG Starting external process 2024-11-18T08:42:54Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-O', '--simple-self-signed', '-n', 'DATALAB.NOVALOCAL IPA CA', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:54Z DEBUG Process finished, return code=0 2024-11-18T08:42:54Z DEBUG stdout="DATALAB.NOVALOCAL IPA CA" [CN=Certificate Authority,O=DATALAB.NOVALOCAL] 2024-11-18T08:42:54Z DEBUG stderr= 2024-11-18T08:42:54Z DEBUG Starting external process 2024-11-18T08:42:54Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-L', '-n', 'DATALAB.NOVALOCAL IPA CA', '-a', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:54Z DEBUG Process finished, return code=0 2024-11-18T08:42:54Z DEBUG stdout=-----BEGIN CERTIFICATE----- MIIEnTCCAwWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRB TEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X DTI0MTExODA4NDEwOVoXDTQ0MTExODA4NDEwOVowPDEaMBgGA1UECgwRREFUQUxB Qi5OT1ZBTE9DQUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIw DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL4EApiwdHeBEKhDIzETZevWL0CC 9CCtpwQI01B8Bs313EruFVeLrR4/13wupTarPRsN/S9iDcHgrNYA7wIlI5hcjDId 1E3lyRurgTZk1FnOmUKCt+XHzWb4k1v4Dv6fO3empihMbUsBeq9R9wUPHmBYCObr XxijjHgNfyHAwUX6nwaHfYwEBHUAauF+40ejo9DbmTqRu8eESbxSfXMVr0m4hke1 72hCDnBmdHy7O1yuyi+pZ0B+z2Jl/vuWmtP3zJ2UNc+zpOq9sCaa7s5i/RGIf2j1 80vuCBs6AqWzqQyYmwpqo9RY2R9brvFG/4sEuCLcFrwp2bZzqkx+qdIVJ8qX7ydK LjlvA2iY3tLiR+KEIuBrOLCPDSvlhM+AyFaPJ0WOHZkrb07bUv9dqrpLsA6OO5Vu tps+dL2lOYqZf+PIAKblPna4uV+f0zoZF3KzxuMnlBHjPsGkEkP3ZoTi31GI0GDZ kimZjrcAVyI9H9lfPCMb8U6ei96pk5zfsEpOQQIDAQABo4GpMIGmMB8GA1UdIwQY MBaAFMfCnEU6OfOa86Atfiwtb+SLq541MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P AQH/BAQDAgHGMB0GA1UdDgQWBBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBDBggrBgEF BQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxhYi5ub3Zh bG9jYWwvY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAqFcAqTsTKFhLqyZyLcbH ivWAtgYC6vhfsNV2QmpDyPdnj2vlQNsV2nGHmnZxC16b4cVbAlIHF8kCp3X86NOy 2SfQXww9iv4kXRyO1YBrX1Ie5BKA7AUA6YS3euD13eMGC6iLDTskjvPOQSktOivP pw+gMj7kfK5FL2WE8Kh9YCadLTmY9pSp9CyLEM2s9MS7rSAcRf3bRYkrSNPlKgFp pwk/RncA9Wy71FSmraHKl1psMoa5022vTiHL4EOddCiS7RC5ZEHyFn2AMTAlPmUo 4qEYudcVfA+TyUctYQgfVPDX8WTWvyWeX1exs+VINgL+zq8b3WFAV0pMBIgBr+aP x9lNZyEnpopL6qC3mJgKM7bxVF3aEv7pkGPt5s3e2j1ahwIa/X9WRbwB6bTCTs7N pbRYMxEeVIUCgSphCwxtLeUMkhwygbJmx/H2GzqStBRRRlOndcEXgnXMQTbdhqo2 ftUcEZCkwCFGXIQ0WYaiQ1LuocnxlTN8fpVCKDiTi2JT -----END CERTIFICATE----- 2024-11-18T08:42:54Z DEBUG stderr= 2024-11-18T08:42:54Z DEBUG step duration: dirsrv __upload_ca_cert 0.37 sec 2024-11-18T08:42:54Z DEBUG [3/3]: restarting directory server 2024-11-18T08:42:54Z DEBUG Destroyed connection context.ldap2_139840959388752 2024-11-18T08:42:54Z DEBUG Starting external process 2024-11-18T08:42:54Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T08:42:54Z DEBUG Process finished, return code=0 2024-11-18T08:42:54Z DEBUG stdout= 2024-11-18T08:42:54Z DEBUG stderr= 2024-11-18T08:42:54Z DEBUG Starting external process 2024-11-18T08:42:54Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:42:59Z DEBUG Process finished, return code=0 2024-11-18T08:42:59Z DEBUG stdout= 2024-11-18T08:42:59Z DEBUG stderr= 2024-11-18T08:42:59Z DEBUG Starting external process 2024-11-18T08:42:59Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:42:59Z DEBUG Process finished, return code=0 2024-11-18T08:42:59Z DEBUG stdout=active 2024-11-18T08:42:59Z DEBUG stderr= 2024-11-18T08:42:59Z DEBUG wait_for_open_ports: localhost [389] timeout 120 2024-11-18T08:42:59Z DEBUG waiting for port: 389 2024-11-18T08:42:59Z DEBUG SUCCESS: port: 389 2024-11-18T08:42:59Z DEBUG Restart of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T08:42:59Z DEBUG Starting external process 2024-11-18T08:42:59Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:42:59Z DEBUG Process finished, return code=0 2024-11-18T08:42:59Z DEBUG stdout=active 2024-11-18T08:42:59Z DEBUG stderr= 2024-11-18T08:42:59Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:42:59Z DEBUG step duration: dirsrv __restart_instance 5.40 sec 2024-11-18T08:42:59Z DEBUG Done configuring directory server (dirsrv). 2024-11-18T08:42:59Z DEBUG service duration: dirsrv 17.03 sec 2024-11-18T08:42:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:59Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:59Z DEBUG Starting external process 2024-11-18T08:42:59Z DEBUG args=['/bin/systemctl', 'stop', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:43:00Z DEBUG Process finished, return code=0 2024-11-18T08:43:00Z DEBUG stdout= 2024-11-18T08:43:00Z DEBUG stderr= 2024-11-18T08:43:00Z DEBUG Stop of pki-tomcatd@pki-tomcat.service complete 2024-11-18T08:43:00Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:00Z DEBUG Ensuring that service pki-tomcatd@pki-tomcat is not running while the next set of commands is being executed. 2024-11-18T08:43:00Z DEBUG Starting external process 2024-11-18T08:43:00Z DEBUG args=['/bin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:43:00Z DEBUG Process finished, return code=3 2024-11-18T08:43:00Z DEBUG stdout=inactive 2024-11-18T08:43:00Z DEBUG stderr= 2024-11-18T08:43:00Z DEBUG Service pki-tomcatd@pki-tomcat is not running, continue. 2024-11-18T08:43:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:01Z DEBUG Set up lightweight CA key retrieval 2024-11-18T08:43:01Z DEBUG Creating principal 2024-11-18T08:43:01Z DEBUG Starting external process 2024-11-18T08:43:01Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:43:01Z DEBUG Process finished, return code=0 2024-11-18T08:43:01Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Principal "dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL" created. 2024-11-18T08:43:01Z DEBUG stderr=No policy specified for dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL; defaulting to no policy 2024-11-18T08:43:01Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:43:01Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:43:02Z DEBUG Retrieving keytab 2024-11-18T08:43:02Z DEBUG Starting external process 2024-11-18T08:43:02Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/pki/pki-tomcat/dogtag.keytab dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:43:02Z DEBUG Process finished, return code=0 2024-11-18T08:43:02Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Entry for principal dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. Entry for principal dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. Entry for principal dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha256-128 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. Entry for principal dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha384-192 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. Entry for principal dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. Entry for principal dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. 2024-11-18T08:43:02Z DEBUG stderr= 2024-11-18T08:43:02Z DEBUG Creating Custodia keys 2024-11-18T08:43:03Z DEBUG Configuring key retriever 2024-11-18T08:43:03Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:03Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:03Z DEBUG Destroyed connection context.ldap2_139840959388752 2024-11-18T08:43:03Z DEBUG Starting external process 2024-11-18T08:43:03Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:43:07Z DEBUG Process finished, return code=0 2024-11-18T08:43:07Z DEBUG stdout= 2024-11-18T08:43:07Z DEBUG stderr= 2024-11-18T08:43:07Z DEBUG Restart of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T08:43:07Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:43:07Z DEBUG Starting external process 2024-11-18T08:43:07Z DEBUG args=['/bin/systemctl', 'start', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:43:19Z DEBUG Process finished, return code=0 2024-11-18T08:43:19Z DEBUG stdout= 2024-11-18T08:43:19Z DEBUG stderr= 2024-11-18T08:43:19Z DEBUG Starting external process 2024-11-18T08:43:19Z DEBUG args=['/bin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:43:19Z DEBUG Process finished, return code=0 2024-11-18T08:43:19Z DEBUG stdout=active 2024-11-18T08:43:19Z DEBUG stderr= 2024-11-18T08:43:19Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 120 2024-11-18T08:43:19Z DEBUG waiting for port: 8080 2024-11-18T08:43:19Z DEBUG SUCCESS: port: 8080 2024-11-18T08:43:19Z DEBUG waiting for port: 8443 2024-11-18T08:43:19Z DEBUG SUCCESS: port: 8443 2024-11-18T08:43:19Z DEBUG Start of pki-tomcatd@pki-tomcat.service complete 2024-11-18T08:43:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:19Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:43:19Z DEBUG Configuring ipa-otpd 2024-11-18T08:43:19Z DEBUG [1/2]: starting ipa-otpd 2024-11-18T08:43:19Z DEBUG Starting external process 2024-11-18T08:43:19Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-otpd.socket'] 2024-11-18T08:43:19Z DEBUG Process finished, return code=3 2024-11-18T08:43:19Z DEBUG stdout=inactive 2024-11-18T08:43:19Z DEBUG stderr= 2024-11-18T08:43:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:19Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:19Z DEBUG Starting external process 2024-11-18T08:43:19Z DEBUG args=['/bin/systemctl', 'restart', 'ipa-otpd.socket'] 2024-11-18T08:43:19Z DEBUG Process finished, return code=0 2024-11-18T08:43:19Z DEBUG stdout= 2024-11-18T08:43:19Z DEBUG stderr= 2024-11-18T08:43:19Z DEBUG Starting external process 2024-11-18T08:43:19Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-otpd.socket'] 2024-11-18T08:43:19Z DEBUG Process finished, return code=0 2024-11-18T08:43:19Z DEBUG stdout=active 2024-11-18T08:43:19Z DEBUG stderr= 2024-11-18T08:43:19Z DEBUG Restart of ipa-otpd.socket complete 2024-11-18T08:43:19Z DEBUG step duration: ipa-otpd __start 0.10 sec 2024-11-18T08:43:19Z DEBUG [2/2]: configuring ipa-otpd to start on boot 2024-11-18T08:43:19Z DEBUG Starting external process 2024-11-18T08:43:19Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ipa-otpd.socket'] 2024-11-18T08:43:19Z DEBUG Process finished, return code=1 2024-11-18T08:43:19Z DEBUG stdout=disabled 2024-11-18T08:43:19Z DEBUG stderr= 2024-11-18T08:43:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:19Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:19Z DEBUG Starting external process 2024-11-18T08:43:19Z DEBUG args=['/bin/systemctl', 'unmask', 'ipa-otpd.socket'] 2024-11-18T08:43:19Z DEBUG Process finished, return code=0 2024-11-18T08:43:19Z DEBUG stdout= 2024-11-18T08:43:19Z DEBUG stderr= 2024-11-18T08:43:19Z DEBUG Starting external process 2024-11-18T08:43:19Z DEBUG args=['/bin/systemctl', 'disable', 'ipa-otpd.socket'] 2024-11-18T08:43:20Z DEBUG Process finished, return code=0 2024-11-18T08:43:20Z DEBUG stdout= 2024-11-18T08:43:20Z DEBUG stderr= 2024-11-18T08:43:20Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:43:20Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:43:20Z DEBUG step duration: ipa-otpd __enable 1.02 sec 2024-11-18T08:43:20Z DEBUG Done configuring ipa-otpd. 2024-11-18T08:43:20Z DEBUG service duration: ipa-otpd 1.12 sec 2024-11-18T08:43:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:20Z DEBUG Configuring the web interface (httpd) 2024-11-18T08:43:20Z DEBUG [1/22]: stopping httpd 2024-11-18T08:43:20Z DEBUG Starting external process 2024-11-18T08:43:20Z DEBUG args=['/bin/systemctl', 'is-active', 'httpd.service'] 2024-11-18T08:43:20Z DEBUG Process finished, return code=3 2024-11-18T08:43:20Z DEBUG stdout=inactive 2024-11-18T08:43:20Z DEBUG stderr= 2024-11-18T08:43:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:20Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:20Z DEBUG Starting external process 2024-11-18T08:43:20Z DEBUG args=['/bin/systemctl', 'stop', 'httpd.service'] 2024-11-18T08:43:20Z DEBUG Process finished, return code=0 2024-11-18T08:43:20Z DEBUG stdout= 2024-11-18T08:43:20Z DEBUG stderr= 2024-11-18T08:43:20Z DEBUG Stop of httpd.service complete 2024-11-18T08:43:20Z DEBUG step duration: httpd __stop 0.07 sec 2024-11-18T08:43:20Z DEBUG [2/22]: backing up ssl.conf 2024-11-18T08:43:20Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ssl.conf' 2024-11-18T08:43:20Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:43:20Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ssl.conf' 2024-11-18T08:43:20Z DEBUG -> Not backing up - already have a copy of '/etc/httpd/conf.d/ssl.conf' 2024-11-18T08:43:20Z DEBUG step duration: httpd backup_ssl_conf 0.00 sec 2024-11-18T08:43:20Z DEBUG [3/22]: disabling nss.conf 2024-11-18T08:43:20Z DEBUG step duration: httpd disable_nss_conf 0.00 sec 2024-11-18T08:43:20Z DEBUG [4/22]: configuring mod_ssl certificate paths 2024-11-18T08:43:20Z DEBUG step duration: httpd configure_mod_ssl_certs 0.01 sec 2024-11-18T08:43:20Z DEBUG [5/22]: setting mod_ssl protocol list 2024-11-18T08:43:20Z DEBUG step duration: httpd set_mod_ssl_protocol 0.00 sec 2024-11-18T08:43:20Z DEBUG [6/22]: configuring mod_ssl log directory 2024-11-18T08:43:20Z DEBUG step duration: httpd set_mod_ssl_logdir 0.00 sec 2024-11-18T08:43:20Z DEBUG [7/22]: disabling mod_ssl OCSP 2024-11-18T08:43:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:20Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:20Z DEBUG step duration: httpd disable_mod_ssl_ocsp 0.05 sec 2024-11-18T08:43:20Z DEBUG [8/22]: adding URL rewriting rules 2024-11-18T08:43:20Z DEBUG step duration: httpd __add_include 0.00 sec 2024-11-18T08:43:20Z DEBUG [9/22]: configuring httpd 2024-11-18T08:43:20Z DEBUG Starting external process 2024-11-18T08:43:20Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:43:20Z DEBUG Process finished, return code=0 2024-11-18T08:43:20Z DEBUG stdout= 2024-11-18T08:43:20Z DEBUG stderr= 2024-11-18T08:43:20Z DEBUG Starting external process 2024-11-18T08:43:20Z DEBUG args=['/sbin/restorecon', '/etc/systemd/system/httpd.service.d/ipa.conf'] 2024-11-18T08:43:20Z DEBUG Process finished, return code=0 2024-11-18T08:43:20Z DEBUG stdout= 2024-11-18T08:43:20Z DEBUG stderr= 2024-11-18T08:43:20Z DEBUG Starting external process 2024-11-18T08:43:20Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout= 2024-11-18T08:43:21Z DEBUG stderr= 2024-11-18T08:43:21Z INFO Nothing to do for configure_httpd_wsgi_conf 2024-11-18T08:43:21Z DEBUG Starting external process 2024-11-18T08:43:21Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout= 2024-11-18T08:43:21Z DEBUG stderr= 2024-11-18T08:43:21Z DEBUG Starting external process 2024-11-18T08:43:21Z DEBUG args=['/sbin/restorecon', '/etc/httpd/alias'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout= 2024-11-18T08:43:21Z DEBUG stderr= 2024-11-18T08:43:21Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa.conf' 2024-11-18T08:43:21Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa.conf' doesn't exist 2024-11-18T08:43:21Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa-rewrite.conf' 2024-11-18T08:43:21Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa-rewrite.conf' doesn't exist 2024-11-18T08:43:21Z DEBUG step duration: httpd __configure_http 0.37 sec 2024-11-18T08:43:21Z DEBUG [10/22]: setting up httpd keytab 2024-11-18T08:43:21Z DEBUG raw: service_add('HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', force=True, version='2.251') 2024-11-18T08:43:21Z DEBUG service_add(ipapython.kerberos.Principal('HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL'), force=True, skip_host_check=False, all=False, raw=False, version='2.251', no_members=False) 2024-11-18T08:43:21Z DEBUG raw: host_show('devbo01.datalab.novalocal', version='2.251') 2024-11-18T08:43:21Z DEBUG host_show('devbo01.datalab.novalocal', rights=False, all=False, raw=False, version='2.251', no_members=False) 2024-11-18T08:43:21Z DEBUG Backing up system configuration file '/var/lib/ipa/gssproxy/http.keytab' 2024-11-18T08:43:21Z DEBUG -> Not backing up - '/var/lib/ipa/gssproxy/http.keytab' doesn't exist 2024-11-18T08:43:21Z DEBUG Starting external process 2024-11-18T08:43:21Z DEBUG args=['/usr/sbin/ipa-getkeytab', '-k', '/var/lib/ipa/gssproxy/http.keytab', '-p', 'HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout= 2024-11-18T08:43:21Z DEBUG stderr=Keytab successfully retrieved and stored in: /var/lib/ipa/gssproxy/http.keytab 2024-11-18T08:43:21Z DEBUG step duration: httpd request_service_keytab 0.41 sec 2024-11-18T08:43:21Z DEBUG [11/22]: configuring Gssproxy 2024-11-18T08:43:21Z DEBUG Starting external process 2024-11-18T08:43:21Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout= 2024-11-18T08:43:21Z DEBUG stderr= 2024-11-18T08:43:21Z DEBUG Starting external process 2024-11-18T08:43:21Z DEBUG args=['/sbin/restorecon', '/etc/gssproxy/10-ipa.conf'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout= 2024-11-18T08:43:21Z DEBUG stderr= 2024-11-18T08:43:21Z DEBUG Starting external process 2024-11-18T08:43:21Z DEBUG args=['/bin/systemctl', 'restart', 'gssproxy.service'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout= 2024-11-18T08:43:21Z DEBUG stderr= 2024-11-18T08:43:21Z DEBUG Starting external process 2024-11-18T08:43:21Z DEBUG args=['/bin/systemctl', 'is-active', 'gssproxy.service'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout=active 2024-11-18T08:43:21Z DEBUG stderr= 2024-11-18T08:43:21Z DEBUG Restart of gssproxy.service complete 2024-11-18T08:43:21Z DEBUG step duration: httpd configure_gssproxy 0.12 sec 2024-11-18T08:43:21Z DEBUG [12/22]: setting up ssl 2024-11-18T08:43:22Z DEBUG certmonger request is in state 'GENERATING_KEY_PAIR' 2024-11-18T08:43:22Z DEBUG certmonger request is in state 'SUBMITTING' 2024-11-18T08:43:23Z DEBUG certmonger request is in state 'POST_SAVED_CERT' 2024-11-18T08:43:24Z DEBUG certmonger request is in state 'MONITORING' 2024-11-18T08:43:24Z DEBUG Cert request 20241118084322 was successful 2024-11-18T08:43:24Z DEBUG update_entry modlist [(2, 'userCertificate', [b'0\x82\x05\x850\x82\x03\xed\xa0\x03\x02\x01\x02\x02\x01\t0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000<1\x1a0\x18\x06\x03U\x04\n\x0c\x11DATALAB.NOVALOCAL1\x1e0\x1c\x06\x03U\x04\x03\x0c\x15Certificate Authority0\x1e\x17\r241118084322Z\x17\r261119084322Z0@1\x1a0\x18\x06\x03U\x04\n\x0c\x11DATALAB.NOVALOCAL1"0 \x06\x03U\x04\x03\x0c\x19devbo01.datalab.novalocal0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xb45d[\x86>\xcb\x81(\x18\x84JR\xb9|\xe3\x0b\xf0\xe1\xb0\xa9\xc6u\x9aYN\xe3\xda\xfc4\xfcVL\x13\x00\x9b\xd6\xd4H\x88\xf7\xea3_\xca\xac\xb2O\xca\x0cN3\xf8\xb6\xe8\xfe\x0bF\x02\x153\x83\xdap\xf5d\x8a\x80\xbc\xfd\\\x85\xcfo\xc0\xfd\xdbr (\xfd\xbe\x97^\x12\xa4\x97\x90\x80\x1e\x8e`\xb9\x99X)\xb8\x7f>\xc5l\xb1+G\xc7Q>d\x01\t\xbduvA\x0cm,/\xf3\xe7#\xe0\x9a\xb0 5P\xc4m[}~6\xe9:\xa3\xe2k\x0c\xea\xa4R\xce\xedc3H\xbd\x96\xf4\xa1\x92\x0cx5\xadq\x08\xbfN\xc9\xb2\xda\xee\xf3\x84\xae\\e\xdc\xe9u\xa1\x0eo_3\x05\'c\xd0\x16\xea\xec\xad\xf1\x0b\xb8\xe1;z+\xc3\x8c\xcf\xd10\x86\xad\xfc\x00\x1eS\xc66\xf22s7\xe2\xb9hI\xa4\xde\xff\x03b\xfa\x0b\xa4\x11\xf5\xbe\x07W&\x86<\xe1\xa0j\xae\\%=\xdf\x166U[\xb5i\x1d\x88\x91\x84\xff\xeb\xa1\x88\xaa)\xcd\x7f\x05\x02\x03\x01\x00\x01\xa3\x82\x02\x0c0\x82\x02\x080\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\xc7\xc2\x9cE:9\xf3\x9a\xf3\xa0-~,-o\xe4\x8b\xab\x9e50C\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x0470503\x06\x08+\x06\x01\x05\x05\x070\x01\x86\'http://ipa-ca.datalab.novalocal/ca/ocsp0\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x04\xf00\x1d\x06\x03U\x1d%\x04\x160\x14\x06\x08+\x06\x01\x05\x05\x07\x03\x01\x06\x08+\x06\x01\x05\x05\x07\x03\x020|\x06\x03U\x1d\x1f\x04u0s0q\xa09\xa07\x865http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\xa24\xa42001\x0e0\x0c\x06\x03U\x04\n\x0c\x05ipaca1\x1e0\x1c\x06\x03U\x04\x03\x0c\x15Certificate Authority0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14@\xecE\x04\x0c\xb4x\x92\x0b\x11\x986*\x16S\n+\x174g0\x81\xd3\x06\x03U\x1d\x11\x04\x81\xcb0\x81\xc8\x82\x19devbo01.datalab.novalocal\x82\x18ipa-ca.datalab.novalocal\xa0@\x06\n+\x06\x01\x04\x01\x827\x14\x02\x03\xa02\x0c0HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL\xa0O\x06\x06+\x06\x01\x05\x02\x02\xa0E0C\xa0\x13\x1b\x11DATALAB.NOVALOCAL\xa1,0*\xa0\x03\x02\x01\x01\xa1#0!\x1b\x04HTTP\x1b\x19devbo01.datalab.novalocal0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x81\x00Y5\xa5\xc0\xdc\xbe\xcb\xecB\xbb\xab\xd1\\\xd8Z\xa2\xc6\xf1eq\x8f\xb6\x1dNe\x9e\xfb\x00\x19\x8a\xb5\x00f3,;\xa8Zs\x99\xcfJ\xc7\xb5F\xe8\xb1N\xb5A\xc7k\xba\xe2\x12\xf5\x1f0\xc6a\xfb3\x82F+\x08\xae\xe0M\x1bz)?i\xa3D%?\x9f@\xb7\x14\xedA\xe7_\xf2\x80\x97C\x91\x0f\xf1\xbc3\xb3F\xe6\x0c;-\x06\xe5\x9ar6\xc7y\xd6\x89\xd1\xc9J\xeeCk]0\x9f\x89\x12g\xde\xe1\x044SBf\xb5\x00\x9fUzy\xb4\xe5\x179)\xdaK\x1a\xd1\x96\x0c\xbfn.*\xbeA\xd3\xc5k\x1e\xb6\xeb\xb7f\xa0z\xc1Z\xc3$\xce\xf8\x87^j\xac\xedrX=|\x04\x91\xc4\xbeK\xde\xaf\x06\x96\xa2?\x06\x17\xfc\xef\xaaDp\xfe\x15+\x97\xa3\x85&\x91\x1e\xbaE\x90\xec\xea:\xd7\x1dX:(\x82\xde\xed9\x8b\x00\xecG\x14\xf3\x18A\x98\xf8\x84\xb1\xd7`Vf*O\x92R\xa73\xd1\x93G*:\xbdt1\x9cv(\x16\xcc\x84L\xa7\xef\xda\xaeb\xdf\xc4\xe5:\xb9\x87Z~\x07\x14\x00\xa24\xd5\xf2\xf1vf*\x03\xf29Z\xa3d\xba\xe1\x16\x85\x8e\xaa\x99p\xa6%o\xc0$\xd7\x9bt\xfd\xde\xce\x99:)yv\x10\x11\xe4K\xe3n\x9bI\xed\x0e\x0c\xf3t\xedw\xcc\xb8\xf5<\xda\xf9\x19%cc\x94\xba\xce8\x13\x0e\xca\xad\\g\x98w\xfa5Au|\xd4$\xdf\xb9V\x8c 2\xa7\x95\x9d\xe4\x00\xb8\x91\x88\xab[\x19-\x1bt\xbb\x1a\x92(S\xfe\xfe\xe68"'])] 2024-11-18T08:43:24Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:24Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:24Z DEBUG step duration: httpd __setup_ssl 2.74 sec 2024-11-18T08:43:24Z DEBUG [13/22]: configure certmonger for renewals 2024-11-18T08:43:24Z DEBUG Starting external process 2024-11-18T08:43:24Z DEBUG args=['/bin/systemctl', 'is-active', 'certmonger.service'] 2024-11-18T08:43:24Z DEBUG Process finished, return code=0 2024-11-18T08:43:24Z DEBUG stdout=active 2024-11-18T08:43:24Z DEBUG stderr= 2024-11-18T08:43:24Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:24Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:24Z DEBUG step duration: httpd configure_certmonger_renewal_guard 0.57 sec 2024-11-18T08:43:24Z DEBUG [14/22]: publish CA cert 2024-11-18T08:43:24Z DEBUG step duration: httpd __publish_ca_cert 0.03 sec 2024-11-18T08:43:24Z DEBUG [15/22]: clean up any existing httpd ccaches 2024-11-18T08:43:24Z DEBUG Starting external process 2024-11-18T08:43:24Z DEBUG args=['/bin/systemd-tmpfiles', '--create', '--prefix', '/run/ipa/ccaches'] 2024-11-18T08:43:24Z DEBUG Process finished, return code=0 2024-11-18T08:43:24Z DEBUG stdout= 2024-11-18T08:43:24Z DEBUG stderr= 2024-11-18T08:43:24Z DEBUG step duration: httpd remove_httpd_ccaches 0.04 sec 2024-11-18T08:43:24Z DEBUG [16/22]: enable ccache sweep 2024-11-18T08:43:24Z DEBUG Starting external process 2024-11-18T08:43:24Z DEBUG args=['/bin/systemctl', 'enable', 'ipa-ccache-sweep.timer'] 2024-11-18T08:43:25Z DEBUG Process finished, return code=0 2024-11-18T08:43:25Z DEBUG stdout= 2024-11-18T08:43:25Z DEBUG stderr=Created symlink /etc/systemd/system/timers.target.wants/ipa-ccache-sweep.timer → /usr/lib/systemd/system/ipa-ccache-sweep.timer. 2024-11-18T08:43:25Z DEBUG step duration: httpd enable_ccache_sweep 0.30 sec 2024-11-18T08:43:25Z DEBUG [17/22]: configuring SELinux for httpd 2024-11-18T08:43:25Z DEBUG Starting external process 2024-11-18T08:43:25Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:43:25Z DEBUG Process finished, return code=0 2024-11-18T08:43:25Z DEBUG stdout= 2024-11-18T08:43:25Z DEBUG stderr= 2024-11-18T08:43:25Z DEBUG Starting external process 2024-11-18T08:43:25Z DEBUG args=['/usr/sbin/getsebool', 'httpd_can_network_connect'] 2024-11-18T08:43:25Z DEBUG Process finished, return code=0 2024-11-18T08:43:25Z DEBUG stdout=httpd_can_network_connect --> off 2024-11-18T08:43:25Z DEBUG stderr= 2024-11-18T08:43:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Starting external process 2024-11-18T08:43:25Z DEBUG args=['/usr/sbin/getsebool', 'httpd_manage_ipa'] 2024-11-18T08:43:25Z DEBUG Process finished, return code=0 2024-11-18T08:43:25Z DEBUG stdout=httpd_manage_ipa --> off 2024-11-18T08:43:25Z DEBUG stderr= 2024-11-18T08:43:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Starting external process 2024-11-18T08:43:25Z DEBUG args=['/usr/sbin/getsebool', 'httpd_run_ipa'] 2024-11-18T08:43:25Z DEBUG Process finished, return code=0 2024-11-18T08:43:25Z DEBUG stdout=httpd_run_ipa --> off 2024-11-18T08:43:25Z DEBUG stderr= 2024-11-18T08:43:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Starting external process 2024-11-18T08:43:25Z DEBUG args=['/usr/sbin/getsebool', 'httpd_dbus_sssd'] 2024-11-18T08:43:25Z DEBUG Process finished, return code=0 2024-11-18T08:43:25Z DEBUG stdout=httpd_dbus_sssd --> off 2024-11-18T08:43:25Z DEBUG stderr= 2024-11-18T08:43:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Starting external process 2024-11-18T08:43:25Z DEBUG args=['/usr/sbin/setsebool', '-P', 'httpd_can_network_connect=on', 'httpd_manage_ipa=on', 'httpd_run_ipa=on', 'httpd_dbus_sssd=on'] 2024-11-18T08:43:27Z DEBUG Process finished, return code=0 2024-11-18T08:43:27Z DEBUG stdout= 2024-11-18T08:43:27Z DEBUG stderr= 2024-11-18T08:43:27Z DEBUG step duration: httpd configure_selinux_for_httpd 2.06 sec 2024-11-18T08:43:27Z DEBUG [18/22]: create KDC proxy config 2024-11-18T08:43:27Z DEBUG Backing up system configuration file '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf' 2024-11-18T08:43:27Z DEBUG -> Not backing up - '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf' doesn't exist 2024-11-18T08:43:27Z DEBUG step duration: httpd create_kdcproxy_conf 0.00 sec 2024-11-18T08:43:27Z DEBUG [19/22]: enable KDC proxy 2024-11-18T08:43:27Z DEBUG update_entry modlist [(0, 'ipaconfigstring', [b'kdcProxyEnabled'])] 2024-11-18T08:43:27Z DEBUG service KDC has all config values set 2024-11-18T08:43:27Z DEBUG step duration: httpd enable_kdcproxy 0.01 sec 2024-11-18T08:43:27Z DEBUG [20/22]: starting httpd 2024-11-18T08:43:27Z DEBUG Starting external process 2024-11-18T08:43:27Z DEBUG args=['/bin/systemctl', 'start', 'httpd.service'] 2024-11-18T08:43:28Z DEBUG Process finished, return code=0 2024-11-18T08:43:28Z DEBUG stdout= 2024-11-18T08:43:28Z DEBUG stderr= 2024-11-18T08:43:28Z DEBUG Starting external process 2024-11-18T08:43:28Z DEBUG args=['/bin/systemctl', 'is-active', 'httpd.service'] 2024-11-18T08:43:28Z DEBUG Process finished, return code=0 2024-11-18T08:43:28Z DEBUG stdout=active 2024-11-18T08:43:28Z DEBUG stderr= 2024-11-18T08:43:28Z DEBUG Start of httpd.service complete 2024-11-18T08:43:28Z DEBUG step duration: httpd start 1.57 sec 2024-11-18T08:43:28Z DEBUG [21/22]: configuring httpd to start on boot 2024-11-18T08:43:28Z DEBUG Starting external process 2024-11-18T08:43:28Z DEBUG args=['/bin/systemctl', 'is-enabled', 'httpd.service'] 2024-11-18T08:43:28Z DEBUG Process finished, return code=1 2024-11-18T08:43:28Z DEBUG stdout=disabled 2024-11-18T08:43:28Z DEBUG stderr= 2024-11-18T08:43:28Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:28Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:28Z DEBUG Starting external process 2024-11-18T08:43:28Z DEBUG args=['/bin/systemctl', 'unmask', 'httpd.service'] 2024-11-18T08:43:29Z DEBUG Process finished, return code=0 2024-11-18T08:43:29Z DEBUG stdout= 2024-11-18T08:43:29Z DEBUG stderr= 2024-11-18T08:43:29Z DEBUG Starting external process 2024-11-18T08:43:29Z DEBUG args=['/bin/systemctl', 'disable', 'httpd.service'] 2024-11-18T08:43:29Z DEBUG Process finished, return code=0 2024-11-18T08:43:29Z DEBUG stdout= 2024-11-18T08:43:29Z DEBUG stderr= 2024-11-18T08:43:29Z DEBUG step duration: httpd __enable 0.63 sec 2024-11-18T08:43:29Z DEBUG [22/22]: enabling oddjobd 2024-11-18T08:43:29Z DEBUG Starting external process 2024-11-18T08:43:29Z DEBUG args=['/bin/systemctl', 'is-active', 'oddjobd.service'] 2024-11-18T08:43:29Z DEBUG Process finished, return code=3 2024-11-18T08:43:29Z DEBUG stdout=inactive 2024-11-18T08:43:29Z DEBUG stderr= 2024-11-18T08:43:29Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:29Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:29Z DEBUG Starting external process 2024-11-18T08:43:29Z DEBUG args=['/bin/systemctl', 'is-enabled', 'oddjobd.service'] 2024-11-18T08:43:29Z DEBUG Process finished, return code=1 2024-11-18T08:43:29Z DEBUG stdout=disabled 2024-11-18T08:43:29Z DEBUG stderr= 2024-11-18T08:43:29Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:29Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:29Z DEBUG Starting external process 2024-11-18T08:43:29Z DEBUG args=['/bin/systemctl', 'enable', 'oddjobd.service'] 2024-11-18T08:43:29Z DEBUG Process finished, return code=0 2024-11-18T08:43:29Z DEBUG stdout= 2024-11-18T08:43:29Z DEBUG stderr=Created symlink /etc/systemd/system/multi-user.target.wants/oddjobd.service → /usr/lib/systemd/system/oddjobd.service. 2024-11-18T08:43:29Z DEBUG Starting external process 2024-11-18T08:43:29Z DEBUG args=['/bin/systemctl', 'start', 'oddjobd.service'] 2024-11-18T08:43:29Z DEBUG Process finished, return code=0 2024-11-18T08:43:29Z DEBUG stdout= 2024-11-18T08:43:29Z DEBUG stderr= 2024-11-18T08:43:29Z DEBUG Starting external process 2024-11-18T08:43:29Z DEBUG args=['/bin/systemctl', 'is-active', 'oddjobd.service'] 2024-11-18T08:43:29Z DEBUG Process finished, return code=0 2024-11-18T08:43:29Z DEBUG stdout=active 2024-11-18T08:43:29Z DEBUG stderr= 2024-11-18T08:43:29Z DEBUG Start of oddjobd.service complete 2024-11-18T08:43:29Z DEBUG step duration: httpd enable_and_start_oddjobd 0.40 sec 2024-11-18T08:43:29Z DEBUG Done configuring the web interface (httpd). 2024-11-18T08:43:29Z DEBUG service duration: httpd 9.41 sec 2024-11-18T08:43:29Z DEBUG Configuring Kerberos KDC (krb5kdc) 2024-11-18T08:43:29Z DEBUG [1/1]: installing X509 Certificate for PKINIT 2024-11-18T08:43:30Z DEBUG certmonger request is in state 'GENERATING_KEY_PAIR' 2024-11-18T08:43:31Z DEBUG certmonger request is in state 'READING_CERT' 2024-11-18T08:43:31Z DEBUG certmonger request is in state 'POST_SAVED_CERT' 2024-11-18T08:43:32Z DEBUG certmonger request is in state 'MONITORING' 2024-11-18T08:43:32Z DEBUG Cert request 20241118084330 was successful 2024-11-18T08:43:32Z DEBUG update_entry modlist [(0, 'ipaconfigstring', [b'pkinitEnabled'])] 2024-11-18T08:43:32Z DEBUG service KDC has all config values set 2024-11-18T08:43:32Z DEBUG step duration: krb5kdc setup_pkinit 2.76 sec 2024-11-18T08:43:32Z DEBUG Done configuring Kerberos KDC (krb5kdc). 2024-11-18T08:43:32Z DEBUG service duration: krb5kdc 2.76 sec 2024-11-18T08:43:32Z DEBUG Starting external process 2024-11-18T08:43:32Z DEBUG args=['/bin/systemctl', 'restart', 'krb5kdc.service'] 2024-11-18T08:43:33Z DEBUG Process finished, return code=0 2024-11-18T08:43:33Z DEBUG stdout= 2024-11-18T08:43:33Z DEBUG stderr= 2024-11-18T08:43:33Z DEBUG Starting external process 2024-11-18T08:43:33Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] 2024-11-18T08:43:33Z DEBUG Process finished, return code=0 2024-11-18T08:43:33Z DEBUG stdout=active 2024-11-18T08:43:33Z DEBUG stderr= 2024-11-18T08:43:33Z DEBUG Restart of krb5kdc.service complete 2024-11-18T08:43:33Z DEBUG Applying LDAP updates 2024-11-18T08:43:33Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:33Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:43:33Z DEBUG Starting external process 2024-11-18T08:43:33Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:43:33Z DEBUG Process finished, return code=0 2024-11-18T08:43:33Z DEBUG stdout=active 2024-11-18T08:43:33Z DEBUG stderr= 2024-11-18T08:43:33Z DEBUG Upgrading IPA:. Estimated time: 1 minute 30 seconds 2024-11-18T08:43:33Z DEBUG [1/10]: stopping directory server 2024-11-18T08:43:33Z DEBUG Destroyed connection context.ldap2_139840959388752 2024-11-18T08:43:33Z DEBUG Starting external process 2024-11-18T08:43:33Z DEBUG args=['/bin/systemctl', 'stop', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:43:34Z DEBUG Process finished, return code=0 2024-11-18T08:43:34Z DEBUG stdout= 2024-11-18T08:43:34Z DEBUG stderr= 2024-11-18T08:43:34Z DEBUG Stop of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T08:43:34Z DEBUG step duration: dirsrv __stop_instance 1.49 sec 2024-11-18T08:43:34Z DEBUG [2/10]: saving configuration 2024-11-18T08:43:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:34Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:34Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:34Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:34Z DEBUG step duration: dirsrv __save_config 0.13 sec 2024-11-18T08:43:34Z DEBUG [3/10]: disabling listeners 2024-11-18T08:43:34Z DEBUG step duration: dirsrv __disable_listeners 0.10 sec 2024-11-18T08:43:34Z DEBUG [4/10]: enabling DS global lock 2024-11-18T08:43:34Z DEBUG step duration: dirsrv __enable_ds_global_write_lock 0.06 sec 2024-11-18T08:43:34Z DEBUG [5/10]: disabling Schema Compat 2024-11-18T08:43:34Z DEBUG step duration: dirsrv __disable_schema_compat 0.06 sec 2024-11-18T08:43:34Z DEBUG [6/10]: starting directory server 2024-11-18T08:43:34Z DEBUG Starting external process 2024-11-18T08:43:34Z DEBUG args=['/bin/systemctl', 'start', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:43:36Z DEBUG Process finished, return code=0 2024-11-18T08:43:36Z DEBUG stdout= 2024-11-18T08:43:36Z DEBUG stderr= 2024-11-18T08:43:36Z DEBUG Start of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T08:43:36Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:43:36Z DEBUG step duration: dirsrv __start 1.80 sec 2024-11-18T08:43:36Z DEBUG [7/10]: upgrading server 2024-11-18T08:43:36Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T08:43:36Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T08:43:36Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T08:43:36Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T08:43:36Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T08:43:36Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T08:43:36Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T08:43:36Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T08:43:38Z DEBUG Created connection context.ldap2_139840936580488 2024-11-18T08:43:38Z DEBUG raw: idrange_show('DATALAB.NOVALOCAL_id_range', version='2.251') 2024-11-18T08:43:38Z DEBUG idrange_show('DATALAB.NOVALOCAL_id_range', rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:43:38Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:43:38Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:43:38Z DEBUG Parsing update file '/usr/share/ipa/updates/05-pre_upgrade_plugins.update' 2024-11-18T08:43:38Z DEBUG Executing upgrade plugin: update_managed_post_first 2024-11-18T08:43:38Z DEBUG raw: update_managed_post_first 2024-11-18T08:43:38Z DEBUG Executing upgrade plugin: update_changelog_maxage 2024-11-18T08:43:38Z DEBUG raw: update_changelog_maxage 2024-11-18T08:43:38Z DEBUG Error retrieving: cn=changelog5,cn=config 2024-11-18T08:43:38Z DEBUG Executing upgrade plugin: update_replica_attribute_lists 2024-11-18T08:43:38Z DEBUG raw: update_replica_attribute_lists 2024-11-18T08:43:38Z DEBUG Start replication agreement exclude list update task 2024-11-18T08:43:38Z DEBUG raw: topologysuffix_find(None, version='2.251') 2024-11-18T08:43:38Z DEBUG topologysuffix_find(None, all=False, raw=False, version='2.251', pkey_only=False) 2024-11-18T08:43:38Z DEBUG raw: topologysegment_find('domain', None, all=True, version='2.251') 2024-11-18T08:43:38Z DEBUG topologysegment_find('domain', None, all=True, raw=False, version='2.251', pkey_only=False) 2024-11-18T08:43:38Z DEBUG Done updating agreements 2024-11-18T08:43:38Z DEBUG Executing upgrade plugin: update_passync_privilege_check 2024-11-18T08:43:38Z DEBUG raw: update_passync_privilege_check 2024-11-18T08:43:38Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:38Z DEBUG Check if there is existing PassSync privilege 2024-11-18T08:43:38Z DEBUG PassSync privilege not found, this is a new update 2024-11-18T08:43:38Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:38Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:38Z DEBUG Executing upgrade plugin: update_referint 2024-11-18T08:43:38Z DEBUG raw: update_referint 2024-11-18T08:43:38Z DEBUG Upgrading referential integrity plugin configuration 2024-11-18T08:43:39Z DEBUG Initial value: LDAPEntry(ipapython.dn.DN('cn=referential integrity postoperation,cn=plugins,cn=config'), {'cn': [b'referential integrity postoperation'], 'nsslapd-plugin-depends-on-type': [b'database'], 'nsslapd-pluginDescription': [b'referential integrity plugin'], 'nsslapd-pluginEnabled': [b'on'], 'nsslapd-pluginId': [b'referint'], 'nsslapd-pluginInitfunc': [b'referint_postop_init'], 'nsslapd-pluginPath': [b'libreferint-plugin'], 'nsslapd-pluginType': [b'betxnpostoperation'], 'nsslapd-pluginVendor': [b'389 Project'], 'nsslapd-pluginVersion': [b'1.4.3.39'], 'nsslapd-pluginprecedence': [b'40'], 'objectClass': [b'top', b'nsSlapdPlugin', b'extensibleObject'], 'referint-logfile': [b'/var/log/dirsrv/slapd-DATALAB-NOVALOCAL/referint'], 'referint-membership-attr': [b'member', b'uniquemember', b'owner', b'seeAlso'], 'referint-update-delay': [b'0']}) 2024-11-18T08:43:39Z DEBUG Plugin already uses new style, skipping 2024-11-18T08:43:39Z DEBUG Executing upgrade plugin: update_uniqueness_plugins_to_new_syntax 2024-11-18T08:43:39Z DEBUG raw: update_uniqueness_plugins_to_new_syntax 2024-11-18T08:43:39Z DEBUG No uniqueness plugin entries with old style configuration found 2024-11-18T08:43:39Z DEBUG LDAP update duration: /usr/share/ipa/updates/05-pre_upgrade_plugins.update 0.269 sec 2024-11-18T08:43:39Z DEBUG Parsing update file '/usr/share/ipa/updates/10-config.update' 2024-11-18T08:43:39Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapdConfig 2024-11-18T08:43:39Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:39Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-betype: 2024-11-18T08:43:39Z DEBUG ldbm database 2024-11-18T08:43:39Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:39Z DEBUG cn=schema 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-plugin: 2024-11-18T08:43:39Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 10 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:39Z DEBUG 16384 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-port: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-localuser: 2024-11-18T08:43:39Z DEBUG dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordInHistory: 2024-11-18T08:43:39Z DEBUG 6 2024-11-18T08:43:39Z DEBUG passwordUnlock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordGraceLimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordMustChange: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:39Z DEBUG 2000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordWarning: 2024-11-18T08:43:39Z DEBUG 86400 2024-11-18T08:43:39Z DEBUG nsslapd-readonly: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:39Z DEBUG 16 2024-11-18T08:43:39Z DEBUG passwordLockout: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-localhost: 2024-11-18T08:43:39Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:39Z DEBUG 10000 2024-11-18T08:43:39Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:39Z DEBUG 40 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordMinLength: 2024-11-18T08:43:39Z DEBUG 8 2024-11-18T08:43:39Z DEBUG passwordMinDigits: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinAlphas: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinUppers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinLowers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinSpecials: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMin8bit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinCategories: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordPalindrome: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictCheck: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictPath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordUserAttributes: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordBadWords: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordMaxSequence: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:39Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:39Z DEBUG replication-only 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 500 2024-11-18T08:43:39Z DEBUG passwordMaxFailure: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:39Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-security: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordMaxAge: 2024-11-18T08:43:39Z DEBUG 8640000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:39Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:39Z DEBUG passwordChange: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:39Z DEBUG 256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-securePort: 2024-11-18T08:43:39Z DEBUG 636 2024-11-18T08:43:39Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:39Z DEBUG 182 2024-11-18T08:43:39Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordExp: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG day 2024-11-18T08:43:39Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-nagle: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:39Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:39Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:39Z DEBUG uidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:39Z DEBUG gidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:39Z DEBUG dc=example,dc=com 2024-11-18T08:43:39Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-counters: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG passwordMinAge: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:39Z DEBUG 209715200 2024-11-18T08:43:39Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:39Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:39Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:39Z DEBUG 262144 2024-11-18T08:43:39Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:39Z DEBUG 64000 2024-11-18T08:43:39Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:39Z DEBUG allowed 2024-11-18T08:43:39Z DEBUG nsslapd-config: 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:39Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:39Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:39Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:39Z DEBUG /tmp 2024-11-18T08:43:39Z DEBUG nsslapd-certdir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:39Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:39Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rundir: 2024-11-18T08:43:39Z DEBUG /run/dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:39Z DEBUG 300000 2024-11-18T08:43:39Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-localssf: 2024-11-18T08:43:39Z DEBUG 71 2024-11-18T08:43:39Z DEBUG nsslapd-minssf: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:39Z DEBUG next 2024-11-18T08:43:39Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:39Z DEBUG warn 2024-11-18T08:43:39Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:39Z DEBUG 20971520 2024-11-18T08:43:39Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:39Z DEBUG nolog 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:39Z DEBUG 128 2024-11-18T08:43:39Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:39Z DEBUG dirsrv-log 2024-11-18T08:43:39Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:39Z DEBUG none 2024-11-18T08:43:39Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:39Z DEBUG process-safe 2024-11-18T08:43:39Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:39Z DEBUG 300 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG passwordStorageScheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG passwordAdminDN: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:39Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:39Z DEBUG aci: 2024-11-18T08:43:39Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:39Z DEBUG only: set nsslapd-ssl-check-hostname to 'on', current value ['on'] 2024-11-18T08:43:39Z DEBUG only: updated value ['on'] 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Final value after applying updates 2024-11-18T08:43:39Z DEBUG dn: cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapdConfig 2024-11-18T08:43:39Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:39Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-betype: 2024-11-18T08:43:39Z DEBUG ldbm database 2024-11-18T08:43:39Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:39Z DEBUG cn=schema 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-plugin: 2024-11-18T08:43:39Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 10 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:39Z DEBUG 16384 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-port: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-localuser: 2024-11-18T08:43:39Z DEBUG dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordInHistory: 2024-11-18T08:43:39Z DEBUG 6 2024-11-18T08:43:39Z DEBUG passwordUnlock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordGraceLimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordMustChange: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:39Z DEBUG 2000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordWarning: 2024-11-18T08:43:39Z DEBUG 86400 2024-11-18T08:43:39Z DEBUG nsslapd-readonly: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:39Z DEBUG 16 2024-11-18T08:43:39Z DEBUG passwordLockout: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-localhost: 2024-11-18T08:43:39Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:39Z DEBUG 10000 2024-11-18T08:43:39Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:39Z DEBUG 40 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordMinLength: 2024-11-18T08:43:39Z DEBUG 8 2024-11-18T08:43:39Z DEBUG passwordMinDigits: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinAlphas: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinUppers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinLowers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinSpecials: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMin8bit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinCategories: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordPalindrome: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictCheck: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictPath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordUserAttributes: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordBadWords: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordMaxSequence: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:39Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:39Z DEBUG replication-only 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 500 2024-11-18T08:43:39Z DEBUG passwordMaxFailure: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:39Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-security: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordMaxAge: 2024-11-18T08:43:39Z DEBUG 8640000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:39Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:39Z DEBUG passwordChange: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:39Z DEBUG 256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-securePort: 2024-11-18T08:43:39Z DEBUG 636 2024-11-18T08:43:39Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:39Z DEBUG 182 2024-11-18T08:43:39Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordExp: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG day 2024-11-18T08:43:39Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-nagle: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:39Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:39Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:39Z DEBUG uidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:39Z DEBUG gidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:39Z DEBUG dc=example,dc=com 2024-11-18T08:43:39Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-counters: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG passwordMinAge: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:39Z DEBUG 209715200 2024-11-18T08:43:39Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:39Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:39Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:39Z DEBUG 262144 2024-11-18T08:43:39Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:39Z DEBUG 64000 2024-11-18T08:43:39Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:39Z DEBUG allowed 2024-11-18T08:43:39Z DEBUG nsslapd-config: 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:39Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:39Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:39Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:39Z DEBUG /tmp 2024-11-18T08:43:39Z DEBUG nsslapd-certdir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:39Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:39Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rundir: 2024-11-18T08:43:39Z DEBUG /run/dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:39Z DEBUG 300000 2024-11-18T08:43:39Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-localssf: 2024-11-18T08:43:39Z DEBUG 71 2024-11-18T08:43:39Z DEBUG nsslapd-minssf: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:39Z DEBUG next 2024-11-18T08:43:39Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:39Z DEBUG warn 2024-11-18T08:43:39Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:39Z DEBUG 20971520 2024-11-18T08:43:39Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:39Z DEBUG nolog 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:39Z DEBUG 128 2024-11-18T08:43:39Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:39Z DEBUG dirsrv-log 2024-11-18T08:43:39Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:39Z DEBUG none 2024-11-18T08:43:39Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:39Z DEBUG process-safe 2024-11-18T08:43:39Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:39Z DEBUG 300 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG passwordStorageScheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG passwordAdminDN: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:39Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:39Z DEBUG aci: 2024-11-18T08:43:39Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:39Z DEBUG [] 2024-11-18T08:43:39Z DEBUG Updated 0 2024-11-18T08:43:39Z DEBUG Done 2024-11-18T08:43:39Z DEBUG Updating existing entry: cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG Kerberos Principal Name 2024-11-18T08:43:39Z DEBUG ipamodrdnfilter: 2024-11-18T08:43:39Z DEBUG (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) 2024-11-18T08:43:39Z DEBUG ipamodrdnscope: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG ipamodrdnsourceattr: 2024-11-18T08:43:39Z DEBUG uid 2024-11-18T08:43:39Z DEBUG ipamodrdnsuffix: 2024-11-18T08:43:39Z DEBUG @DATALAB.NOVALOCAL 2024-11-18T08:43:39Z DEBUG ipamodrdntargetattr: 2024-11-18T08:43:39Z DEBUG krbPrincipalName 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG remove: '60' from nsslapd-pluginPrecedence, current value [] 2024-11-18T08:43:39Z DEBUG remove: '60' not in nsslapd-pluginPrecedence 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Final value after applying updates 2024-11-18T08:43:39Z DEBUG dn: cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG Kerberos Principal Name 2024-11-18T08:43:39Z DEBUG ipamodrdnfilter: 2024-11-18T08:43:39Z DEBUG (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) 2024-11-18T08:43:39Z DEBUG ipamodrdnscope: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG ipamodrdnsourceattr: 2024-11-18T08:43:39Z DEBUG uid 2024-11-18T08:43:39Z DEBUG ipamodrdnsuffix: 2024-11-18T08:43:39Z DEBUG @DATALAB.NOVALOCAL 2024-11-18T08:43:39Z DEBUG ipamodrdntargetattr: 2024-11-18T08:43:39Z DEBUG krbPrincipalName 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG [] 2024-11-18T08:43:39Z DEBUG Updated 0 2024-11-18T08:43:39Z DEBUG Done 2024-11-18T08:43:39Z DEBUG Updating existing entry: cn=IPA MODRDN,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=IPA MODRDN,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG IPA MODRDN 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:39Z DEBUG database 2024-11-18T08:43:39Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:39Z DEBUG IPA MODRDN plugin 2024-11-18T08:43:39Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:39Z DEBUG IPA MODRDN 2024-11-18T08:43:39Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:39Z DEBUG ipamodrdn_init 2024-11-18T08:43:39Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:39Z DEBUG libipa_modrdn 2024-11-18T08:43:39Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:39Z DEBUG betxnpostoperation 2024-11-18T08:43:39Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:39Z DEBUG Red Hat, Inc. 2024-11-18T08:43:39Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:39Z DEBUG 1.0 2024-11-18T08:43:39Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG nsSlapdPlugin 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG only: set nsslapd-pluginPrecedence to '60', current value ['60'] 2024-11-18T08:43:39Z DEBUG only: updated value ['60'] 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Final value after applying updates 2024-11-18T08:43:39Z DEBUG dn: cn=IPA MODRDN,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG IPA MODRDN 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:39Z DEBUG database 2024-11-18T08:43:39Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:39Z DEBUG IPA MODRDN plugin 2024-11-18T08:43:39Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:39Z DEBUG IPA MODRDN 2024-11-18T08:43:39Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:39Z DEBUG ipamodrdn_init 2024-11-18T08:43:39Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:39Z DEBUG libipa_modrdn 2024-11-18T08:43:39Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:39Z DEBUG betxnpostoperation 2024-11-18T08:43:39Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:39Z DEBUG Red Hat, Inc. 2024-11-18T08:43:39Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:39Z DEBUG 1.0 2024-11-18T08:43:39Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG nsSlapdPlugin 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG [] 2024-11-18T08:43:39Z DEBUG Updated 0 2024-11-18T08:43:39Z DEBUG Done 2024-11-18T08:43:39Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapdConfig 2024-11-18T08:43:39Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:39Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-betype: 2024-11-18T08:43:39Z DEBUG ldbm database 2024-11-18T08:43:39Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:39Z DEBUG cn=schema 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-plugin: 2024-11-18T08:43:39Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 10 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:39Z DEBUG 16384 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-port: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-localuser: 2024-11-18T08:43:39Z DEBUG dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordInHistory: 2024-11-18T08:43:39Z DEBUG 6 2024-11-18T08:43:39Z DEBUG passwordUnlock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordGraceLimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordMustChange: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:39Z DEBUG 2000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordWarning: 2024-11-18T08:43:39Z DEBUG 86400 2024-11-18T08:43:39Z DEBUG nsslapd-readonly: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:39Z DEBUG 16 2024-11-18T08:43:39Z DEBUG passwordLockout: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-localhost: 2024-11-18T08:43:39Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:39Z DEBUG 10000 2024-11-18T08:43:39Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:39Z DEBUG 40 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordMinLength: 2024-11-18T08:43:39Z DEBUG 8 2024-11-18T08:43:39Z DEBUG passwordMinDigits: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinAlphas: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinUppers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinLowers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinSpecials: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMin8bit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinCategories: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordPalindrome: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictCheck: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictPath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordUserAttributes: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordBadWords: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordMaxSequence: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:39Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:39Z DEBUG replication-only 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 500 2024-11-18T08:43:39Z DEBUG passwordMaxFailure: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:39Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-security: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordMaxAge: 2024-11-18T08:43:39Z DEBUG 8640000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:39Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:39Z DEBUG passwordChange: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:39Z DEBUG 256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-securePort: 2024-11-18T08:43:39Z DEBUG 636 2024-11-18T08:43:39Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:39Z DEBUG 182 2024-11-18T08:43:39Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordExp: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG day 2024-11-18T08:43:39Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-nagle: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:39Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:39Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:39Z DEBUG uidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:39Z DEBUG gidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:39Z DEBUG dc=example,dc=com 2024-11-18T08:43:39Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-counters: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG passwordMinAge: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:39Z DEBUG 209715200 2024-11-18T08:43:39Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:39Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:39Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:39Z DEBUG 262144 2024-11-18T08:43:39Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:39Z DEBUG 64000 2024-11-18T08:43:39Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:39Z DEBUG allowed 2024-11-18T08:43:39Z DEBUG nsslapd-config: 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:39Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:39Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:39Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:39Z DEBUG /tmp 2024-11-18T08:43:39Z DEBUG nsslapd-certdir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:39Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:39Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rundir: 2024-11-18T08:43:39Z DEBUG /run/dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:39Z DEBUG 300000 2024-11-18T08:43:39Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-localssf: 2024-11-18T08:43:39Z DEBUG 71 2024-11-18T08:43:39Z DEBUG nsslapd-minssf: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:39Z DEBUG next 2024-11-18T08:43:39Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:39Z DEBUG warn 2024-11-18T08:43:39Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:39Z DEBUG 20971520 2024-11-18T08:43:39Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:39Z DEBUG nolog 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:39Z DEBUG 128 2024-11-18T08:43:39Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:39Z DEBUG dirsrv-log 2024-11-18T08:43:39Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:39Z DEBUG none 2024-11-18T08:43:39Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:39Z DEBUG process-safe 2024-11-18T08:43:39Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:39Z DEBUG 300 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG passwordStorageScheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG passwordAdminDN: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:39Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:39Z DEBUG aci: 2024-11-18T08:43:39Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:39Z DEBUG replace: updated value ['100000'] 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Final value after applying updates 2024-11-18T08:43:39Z DEBUG dn: cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapdConfig 2024-11-18T08:43:39Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:39Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-betype: 2024-11-18T08:43:39Z DEBUG ldbm database 2024-11-18T08:43:39Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:39Z DEBUG cn=schema 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-plugin: 2024-11-18T08:43:39Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 10 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:39Z DEBUG 16384 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-port: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-localuser: 2024-11-18T08:43:39Z DEBUG dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordInHistory: 2024-11-18T08:43:39Z DEBUG 6 2024-11-18T08:43:39Z DEBUG passwordUnlock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordGraceLimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordMustChange: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:39Z DEBUG 100000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordWarning: 2024-11-18T08:43:39Z DEBUG 86400 2024-11-18T08:43:39Z DEBUG nsslapd-readonly: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:39Z DEBUG 16 2024-11-18T08:43:39Z DEBUG passwordLockout: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-localhost: 2024-11-18T08:43:39Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:39Z DEBUG 10000 2024-11-18T08:43:39Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:39Z DEBUG 40 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordMinLength: 2024-11-18T08:43:39Z DEBUG 8 2024-11-18T08:43:39Z DEBUG passwordMinDigits: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinAlphas: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinUppers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinLowers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinSpecials: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMin8bit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinCategories: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordPalindrome: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictCheck: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictPath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordUserAttributes: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordBadWords: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordMaxSequence: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:39Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:39Z DEBUG replication-only 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 500 2024-11-18T08:43:39Z DEBUG passwordMaxFailure: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:39Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-security: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordMaxAge: 2024-11-18T08:43:39Z DEBUG 8640000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:39Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:39Z DEBUG passwordChange: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:39Z DEBUG 256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-securePort: 2024-11-18T08:43:39Z DEBUG 636 2024-11-18T08:43:39Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:39Z DEBUG 182 2024-11-18T08:43:39Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordExp: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG day 2024-11-18T08:43:39Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-nagle: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:39Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:39Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:39Z DEBUG uidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:39Z DEBUG gidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:39Z DEBUG dc=example,dc=com 2024-11-18T08:43:39Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-counters: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG passwordMinAge: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:39Z DEBUG 209715200 2024-11-18T08:43:39Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:39Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:39Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:39Z DEBUG 262144 2024-11-18T08:43:39Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:39Z DEBUG 64000 2024-11-18T08:43:39Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:39Z DEBUG allowed 2024-11-18T08:43:39Z DEBUG nsslapd-config: 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:39Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:39Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:39Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:39Z DEBUG /tmp 2024-11-18T08:43:39Z DEBUG nsslapd-certdir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:39Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:39Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rundir: 2024-11-18T08:43:39Z DEBUG /run/dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:39Z DEBUG 300000 2024-11-18T08:43:39Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-localssf: 2024-11-18T08:43:39Z DEBUG 71 2024-11-18T08:43:39Z DEBUG nsslapd-minssf: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:39Z DEBUG next 2024-11-18T08:43:39Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:39Z DEBUG warn 2024-11-18T08:43:39Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:39Z DEBUG 20971520 2024-11-18T08:43:39Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:39Z DEBUG nolog 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:39Z DEBUG 128 2024-11-18T08:43:39Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:39Z DEBUG dirsrv-log 2024-11-18T08:43:39Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:39Z DEBUG none 2024-11-18T08:43:39Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:39Z DEBUG process-safe 2024-11-18T08:43:39Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:39Z DEBUG 300 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG passwordStorageScheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG passwordAdminDN: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:39Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:39Z DEBUG aci: 2024-11-18T08:43:39Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:39Z DEBUG [(2, 'nsslapd-sizelimit', ['100000'])] 2024-11-18T08:43:39Z DEBUG Updated 1 2024-11-18T08:43:39Z DEBUG update_entry modlist [(2, 'nsslapd-sizelimit', [b'100000'])] 2024-11-18T08:43:39Z DEBUG Done 2024-11-18T08:43:39Z DEBUG Updating existing entry: cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapd-lookthroughlimit: 2024-11-18T08:43:39Z DEBUG 5000 2024-11-18T08:43:39Z DEBUG nsslapd-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-idlistscanlimit: 2024-11-18T08:43:39Z DEBUG 2147483646 2024-11-18T08:43:39Z DEBUG nsslapd-directory: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db 2024-11-18T08:43:39Z DEBUG nsslapd-import-cachesize: 2024-11-18T08:43:39Z DEBUG 16777216 2024-11-18T08:43:39Z DEBUG nsslapd-idl-switch: 2024-11-18T08:43:39Z DEBUG new 2024-11-18T08:43:39Z DEBUG nsslapd-search-bypass-filter-test: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-search-use-vlv-index: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-exclude-from-export: 2024-11-18T08:43:39Z DEBUG entrydn entryid dncomp parentid numSubordinates tombstonenumsubordinates entryusn 2024-11-18T08:43:39Z DEBUG nsslapd-serial-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-subtree-rename-switch: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-pagedlookthroughlimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-pagedidlistscanlimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-rangelookthroughlimit: 2024-11-18T08:43:39Z DEBUG 5000 2024-11-18T08:43:39Z DEBUG nsslapd-backend-opt-level: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-backend-implement: 2024-11-18T08:43:39Z DEBUG bdb 2024-11-18T08:43:39Z DEBUG replace: updated value ['100000'] 2024-11-18T08:43:39Z DEBUG replace: 4000 not found, skipping 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Final value after applying updates 2024-11-18T08:43:39Z DEBUG dn: cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapd-lookthroughlimit: 2024-11-18T08:43:39Z DEBUG 100000 2024-11-18T08:43:39Z DEBUG nsslapd-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-idlistscanlimit: 2024-11-18T08:43:39Z DEBUG 2147483646 2024-11-18T08:43:39Z DEBUG nsslapd-directory: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db 2024-11-18T08:43:39Z DEBUG nsslapd-import-cachesize: 2024-11-18T08:43:39Z DEBUG 16777216 2024-11-18T08:43:39Z DEBUG nsslapd-idl-switch: 2024-11-18T08:43:39Z DEBUG new 2024-11-18T08:43:39Z DEBUG nsslapd-search-bypass-filter-test: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-search-use-vlv-index: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-exclude-from-export: 2024-11-18T08:43:39Z DEBUG entrydn entryid dncomp parentid numSubordinates tombstonenumsubordinates entryusn 2024-11-18T08:43:39Z DEBUG nsslapd-serial-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-subtree-rename-switch: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-pagedlookthroughlimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-pagedidlistscanlimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-rangelookthroughlimit: 2024-11-18T08:43:39Z DEBUG 5000 2024-11-18T08:43:39Z DEBUG nsslapd-backend-opt-level: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-backend-implement: 2024-11-18T08:43:39Z DEBUG bdb 2024-11-18T08:43:39Z DEBUG [(2, 'nsslapd-lookthroughlimit', ['100000'])] 2024-11-18T08:43:39Z DEBUG Updated 1 2024-11-18T08:43:39Z DEBUG update_entry modlist [(2, 'nsslapd-lookthroughlimit', [b'100000'])] 2024-11-18T08:43:39Z DEBUG Done 2024-11-18T08:43:39Z DEBUG New entry: cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG objectclass: 2024-11-18T08:43:39Z DEBUG nsContainer 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG anonymous-limits 2024-11-18T08:43:39Z DEBUG nsSizeLimit: 2024-11-18T08:43:39Z DEBUG 5000 2024-11-18T08:43:39Z DEBUG nsLookThroughLimit: 2024-11-18T08:43:39Z DEBUG 5000 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Final value after applying updates 2024-11-18T08:43:39Z DEBUG dn: cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG objectclass: 2024-11-18T08:43:39Z DEBUG nsContainer 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG anonymous-limits 2024-11-18T08:43:39Z DEBUG nsSizeLimit: 2024-11-18T08:43:39Z DEBUG 5000 2024-11-18T08:43:39Z DEBUG nsLookThroughLimit: 2024-11-18T08:43:39Z DEBUG 5000 2024-11-18T08:43:39Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapdConfig 2024-11-18T08:43:39Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:39Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-betype: 2024-11-18T08:43:39Z DEBUG ldbm database 2024-11-18T08:43:39Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:39Z DEBUG cn=schema 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-plugin: 2024-11-18T08:43:39Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 10 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:39Z DEBUG 16384 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-port: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-localuser: 2024-11-18T08:43:39Z DEBUG dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordInHistory: 2024-11-18T08:43:39Z DEBUG 6 2024-11-18T08:43:39Z DEBUG passwordUnlock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordGraceLimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordMustChange: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:39Z DEBUG 100000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordWarning: 2024-11-18T08:43:39Z DEBUG 86400 2024-11-18T08:43:39Z DEBUG nsslapd-readonly: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:39Z DEBUG 16 2024-11-18T08:43:39Z DEBUG passwordLockout: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-localhost: 2024-11-18T08:43:39Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:39Z DEBUG 10000 2024-11-18T08:43:39Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:39Z DEBUG 40 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordMinLength: 2024-11-18T08:43:39Z DEBUG 8 2024-11-18T08:43:39Z DEBUG passwordMinDigits: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinAlphas: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinUppers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinLowers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinSpecials: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMin8bit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinCategories: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordPalindrome: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictCheck: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictPath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordUserAttributes: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordBadWords: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordMaxSequence: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:39Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:39Z DEBUG replication-only 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 500 2024-11-18T08:43:39Z DEBUG passwordMaxFailure: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:39Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-security: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordMaxAge: 2024-11-18T08:43:39Z DEBUG 8640000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:39Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:39Z DEBUG passwordChange: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:39Z DEBUG 256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-securePort: 2024-11-18T08:43:39Z DEBUG 636 2024-11-18T08:43:39Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:39Z DEBUG 182 2024-11-18T08:43:39Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordExp: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG day 2024-11-18T08:43:39Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-nagle: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:39Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:39Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:39Z DEBUG uidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:39Z DEBUG gidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:39Z DEBUG dc=example,dc=com 2024-11-18T08:43:39Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-counters: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG passwordMinAge: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:39Z DEBUG 209715200 2024-11-18T08:43:39Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:39Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:39Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:39Z DEBUG 262144 2024-11-18T08:43:39Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:39Z DEBUG 64000 2024-11-18T08:43:39Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:39Z DEBUG allowed 2024-11-18T08:43:39Z DEBUG nsslapd-config: 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:39Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:39Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:39Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:39Z DEBUG /tmp 2024-11-18T08:43:39Z DEBUG nsslapd-certdir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:39Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:39Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rundir: 2024-11-18T08:43:39Z DEBUG /run/dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:39Z DEBUG 300000 2024-11-18T08:43:39Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-localssf: 2024-11-18T08:43:39Z DEBUG 71 2024-11-18T08:43:39Z DEBUG nsslapd-minssf: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:39Z DEBUG next 2024-11-18T08:43:39Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:39Z DEBUG warn 2024-11-18T08:43:39Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:39Z DEBUG 20971520 2024-11-18T08:43:39Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:39Z DEBUG nolog 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:39Z DEBUG 128 2024-11-18T08:43:39Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:39Z DEBUG dirsrv-log 2024-11-18T08:43:39Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:39Z DEBUG none 2024-11-18T08:43:39Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:39Z DEBUG process-safe 2024-11-18T08:43:39Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:39Z DEBUG 300 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG passwordStorageScheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG passwordAdminDN: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:39Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:39Z DEBUG aci: 2024-11-18T08:43:39Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:39Z DEBUG only: set nsslapd-anonlimitsdn to 'cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal', current value [''] 2024-11-18T08:43:39Z DEBUG only: updated value ['cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Final value after applying updates 2024-11-18T08:43:39Z DEBUG dn: cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapdConfig 2024-11-18T08:43:39Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:39Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-betype: 2024-11-18T08:43:39Z DEBUG ldbm database 2024-11-18T08:43:39Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:39Z DEBUG cn=schema 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-plugin: 2024-11-18T08:43:39Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolea